…atchClassName rule
[readme] Change variable naming in example
| <dependency> | ||
| <groupId>com.ning</groupId> | ||
| <artifactId>async-http-client</artifactId> | ||
| <version>1.9.40</version> |
Critical Vulnerability:
maven : com.ning/async-http-client : 1.9.40
2 Critical, 3 High, 2 Medium, 0 Low vulnerabilities have been found across 2 dependencies.
View the Lift console for details about these vulnerabilities.
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
| @sonatype-lift ignore | Leave out the above finding from this PR |
| @sonatype-lift ignoreall | Leave out all the existing findings from this PR |
| @sonatype-lift exclude <file\|issue\|path\|tool> | Exclude specified file\|issue\|path\|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| final URL url = new URL(completeUrl); | ||
| final HttpURLConnection connection; | ||
| if (config.getProxy() == null) { | ||
| connection = (HttpURLConnection) url.openConnection(); |
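Review bot: `new URL(completeUrl)` is passed straight to `url.openConnection()`, and nothing in these lines restricts the scheme or host of `completeUrl`. If any part of that string can originate outside the application, validate it before opening the connection: accept only `http`/`https` and only the expected provider host. As written, a non-HTTP URL is rejected only by the `(HttpURLConnection)` cast failing with a ClassCastException, which is an accident of the cast rather than a check.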
URLCONNECTION_SSRF_FD: This web server request could be used by an attacker to expose internal services and filesystem.
| if (config.getProxy() == null) { | ||
| connection = (HttpURLConnection) url.openConnection(); | ||
| } else { | ||
| connection = (HttpURLConnection) url.openConnection(config.getProxy()); |
URLCONNECTION_SSRF_FD: This web server request could be used by an attacker to expose internal services and filesystem.
|
|
||
| public static String md5(String orgString) { | ||
| try { | ||
| final MessageDigest md = MessageDigest.getInstance("MD5"); |
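Review bot: `MessageDigest.getInstance("MD5")` in `md5(String orgString)` gives no indication of what the digest is used for. If a provider's API mandates MD5 for a request signature, say so in a Javadoc comment on the method so the choice is visibly deliberate; if the algorithm is this library's own choice for anything security-relevant, use SHA-256 instead.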
WEAK_MESSAGE_DIGEST_MD5: This API MD5 (MDX) is not a recommended cryptographic hash function
|
|
||
| public static String md5(String orgString) { | ||
| try { | ||
| final MessageDigest md = MessageDigest.getInstance("MD5"); |
WEAK_MESSAGE_DIGEST_MD5: This API MD5 (MDX) is not a recommended cryptographic hash function
| @@ -32,17 +33,13 @@ public String getSignature(String baseString, String apiSecret, String tokenSecr | |||
| final Signature signature = Signature.getInstance(RSA_SHA1); | |||
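Review bot: `Signature.getInstance(RSA_SHA1)` in `getSignature` needs a comment explaining why SHA-1 is kept. RSA-SHA1 is one of the signature methods defined by OAuth 1.0 (RFC 5849), so the digest cannot be changed on the client alone; documenting that here, and suppressing the finding with a stated reason, is better than leaving it to be re-raised on every scan.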
WEAK_MESSAGE_DIGEST_SHA1: This API SHA1 (SHA-1) is not a recommended cryptographic hash function
| FacebookAccessTokenJsonExtractor.instance().generateError(response); | ||
| } else { | ||
| throw new InstagramAccessTokenErrorResponse( | ||
| errorNode.get("error_type").asText(), |
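Review bot: `errorNode.get("error_type").asText()` in the `InstagramAccessTokenErrorResponse` constructor call dereferences the result of `get` without a null check, so an error body that lacks `error_type` ends in a NullPointerException instead of the intended error response. Test the node for null first and fall back to a generic error; if `errorNode` is a Jackson `JsonNode` (an assumption, the type is not visible in these lines), `path("error_type").asText()` avoids the null.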
NULL_DEREFERENCE: object returned by errorNode.get("error_type") could be null and is dereferenced at line 48.
| int hash = super.hashCode(); | ||
| hash = 83 * hash + Objects.hashCode(errorMessage); | ||
| hash = 83 * hash + Objects.hashCode(type); | ||
| hash = 83 * hash + Objects.hashCode(codeInt); |
ObjectsHashCodePrimitive: Objects.hashCode(Object o) should not be passed a primitive value
| hash = 83 * hash + Objects.hashCode(codeInt); | |
| hash = 83 * hash + Integer.hashCode(codeInt); |
| hash = 83 * hash + Objects.hashCode(response); | ||
| hash = 83 * hash + Objects.hashCode(errorMessage); | ||
| hash = 83 * hash + Objects.hashCode(errorType); | ||
| hash = 83 * hash + Objects.hashCode(code); |
ObjectsHashCodePrimitive: Objects.hashCode(Object o) should not be passed a primitive value
| hash = 83 * hash + Objects.hashCode(code); | |
| hash = 83 * hash + Integer.hashCode(code); |
| */ | ||
| SERVER_ERROR("server_error"), | ||
| /** | ||
| * @see <a href="https://tools.ietf.org/html/rfc6749#section-4.1.2.1">RFC 6749, 4.1.2.1 Error Response</a> |
MissingSummary: A summary fragment is required; consider using the value of the @see block as a summary fragment instead.
| * @see <a href="https://tools.ietf.org/html/rfc6749#section-4.1.2.1">RFC 6749, 4.1.2.1 Error Response</a> | |
| *See {@link <a href="https: |
❗❗ 17 similar findings have been found in this PR
🔎 Expand here to view all instances of this finding
| File Path | Line Number |
|---|---|
| scribejava-core/src/main/java/com/github/scribejava/core/oauth2/OAuth2Error.java | 84 |
| scribejava-core/src/main/java/com/github/scribejava/core/oauth2/OAuth2Error.java | 49 |
| scribejava-core/src/main/java/com/github/scribejava/core/oauth2/OAuth2Error.java | 66 |
| scribejava-core/src/main/java/com/github/scribejava/core/oauth2/OAuth2Error.java | 71 |
| scribejava-core/src/main/java/com/github/scribejava/core/oauth2/OAuth2Error.java | 33 |
| scribejava-core/src/main/java/com/github/scribejava/core/oauth2/OAuth2Error.java | 22 |
| scribejava-core/src/main/java/com/github/scribejava/core/oauth2/OAuth2Error.java | 57 |
| scribejava-core/src/main/java/com/github/scribejava/core/oauth2/OAuth2Error.java | 53 |
| scribejava-core/src/main/java/com/github/scribejava/core/oauth2/OAuth2Error.java | 28 |
| scribejava-core/src/main/java/com/github/scribejava/core/oauth2/OAuth2Error.java | 61 |
Showing 10 of 17 findings. Visit the Lift Web Console to see all.
| } | ||
| } | ||
|
|
||
| os.write("\r\n".getBytes()); |
DefaultCharset: Implicit use of the platform default charset, which can result in differing behaviour between JVM executions or incorrect behavior if the encoding of the data source doesn't match expectations.
| os.write("\r\n".getBytes()); | |
| os.write("\r\n".getBytes(Charset.defaultCharset())); |
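Review bot: the suggested replacement `getBytes(Charset.defaultCharset())` only spells out the same platform dependency that `"\r\n".getBytes()` already has. For a fixed delimiter written to the request body, pass an explicit charset such as `StandardCharsets.US_ASCII` or `StandardCharsets.UTF_8` so the bytes on the wire do not vary with the JVM's configuration.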
❗❗ 9 similar findings have been found in this PR
🔎 Expand here to view all instances of this finding
| File Path | Line Number |
|---|---|
| scribejava-core/src/main/java/com/github/scribejava/core/httpclient/jdk/JDKHttpClient.java | 164 |
| scribejava-core/src/main/java/com/github/scribejava/core/httpclient/multipart/MultipartUtils.java | 72 |
| scribejava-core/src/main/java/com/github/scribejava/core/httpclient/multipart/MultipartUtils.java | 59 |
| scribejava-core/src/main/java/com/github/scribejava/core/httpclient/multipart/MultipartUtils.java | 75 |
| scribejava-apis/src/main/java/com/github/scribejava/apis/facebook/FacebookService.java | 37 |
| scribejava-core/src/main/java/com/github/scribejava/core/httpclient/multipart/MultipartUtils.java | 51 |
| scribejava-apis/src/main/java/com/github/scribejava/apis/facebook/FacebookService.java | 32 |
| scribejava-core/src/main/java/com/github/scribejava/core/httpclient/multipart/MultipartUtils.java | 46 |
| scribejava-core/src/main/java/com/github/scribejava/core/httpclient/multipart/MultipartUtils.java | 78 |
Visit the Lift Web Console to find more details in your report.
| * @param accessToken short-lived access token | ||
| * @return long-lived access token with filled expireIn and refreshToken | ||
| * @throws java.lang.InterruptedException | ||
| * @throws java.util.concurrent.ExecutionException |
EmptyBlockTag: A block tag (@param, @return, @throws, @deprecated) has an empty description. Block tags without descriptions don't add much value for future readers of the code; consider removing the tag entirely or adding a description.
| * @throws java.util.concurrent.ExecutionException | |
| * |
❗❗ 3 similar findings have been found in this PR
🔎 Expand here to view all instances of this finding
| File Path | Line Number |
|---|---|
| scribejava-apis/src/main/java/com/github/scribejava/apis/instagram/InstagramService.java | 77 |
| scribejava-core/src/main/java/com/github/scribejava/core/httpclient/jdk/JDKHttpFuture.java | 12 |
| scribejava-apis/src/main/java/com/github/scribejava/apis/instagram/InstagramService.java | 75 |
Visit the Lift Web Console to find more details in your report.
|
|
||
| public class Java8Base64 { | ||
|
|
||
| private static final java.util.Base64.Encoder BASE64_ENCODER = java.util.Base64.getEncoder(); |
UnnecessarilyFullyQualified: This fully qualified name is unambiguous to the compiler if imported.
| private static final java.util.Base64.Encoder BASE64_ENCODER = java.util.Base64.getEncoder(); | |
| private static final java.util.Base64.Encoder BASE64_ENCODER = Base64.getEncoder(); |
❗❗ 4 similar findings have been found in this PR
🔎 Expand here to view all instances of this finding
| File Path | Line Number |
|---|---|
| scribejava-java8/src/main/java/com/github/scribejava/java8/base64/Java8Base64.java | 7 |
| scribejava-java8/src/main/java/com/github/scribejava/java8/base64/Java8Base64.java | 6 |
| scribejava-java8/src/main/java/com/github/scribejava/java8/base64/Java8Base64.java | 5 |
| scribejava-core/src/main/java/com/github/scribejava/core/httpclient/AbstractAsyncOnlyHttpClient.java | 32 |
Visit the Lift Web Console to find more details in your report.
| */ | ||
| public OAuth2AccessToken pollAccessTokenDeviceAuthorizationGrant(DeviceAuthorization deviceAuthorization) | ||
| throws InterruptedException, ExecutionException, IOException { | ||
| long intervalMillis = deviceAuthorization.getIntervalSeconds() * 1000; |
IntLongMath: Expression of type int may overflow before being assigned to a long
| long intervalMillis = deviceAuthorization.getIntervalSeconds() * 1000; | |
| long intervalMillis = deviceAuthorization.getIntervalSeconds() * 1000L; |
| this.authorizationBaseUrl = serverURL + "/api/method/frappe.integrations.oauth2.authorize"; | ||
| } | ||
|
|
||
| public static FrappeApi instance(String serverUrl) { |
InconsistentCapitalization: Found the field 'serverURL' with the same name as the parameter 'serverUrl' but with different capitalization.
| public static FrappeApi instance(String serverUrl) { | |
| public static FrappeApi instance(String serverURL) { |
| * @param messagePattern messagePattern | ||
| * @param params params | ||
| */ | ||
| public void log(String messagePattern, Object... params) { |
AnnotateFormatMethod: This method passes a pair of parameters through to String.format, but the enclosing method wasn't annotated @FormatMethod. Doing so gives compile-time rather than run-time protection against malformed format strings.
| return response; | ||
| } | ||
|
|
||
| private class OAuthAsyncRequestThrowableHolderCallback implements OAuthAsyncRequestCallback<Response> { |
ClassCanBeStatic: Inner class is non-static but does not reference enclosing class
| private class OAuthAsyncRequestThrowableHolderCallback implements OAuthAsyncRequestCallback<Response> { | |
| private static class OAuthAsyncRequestThrowableHolderCallback implements OAuthAsyncRequestCallback<Response> { |
| */ | ||
| public OAuth2AccessToken pollAccessTokenDeviceAuthorizationGrant(DeviceAuthorization deviceAuthorization) | ||
| throws InterruptedException, ExecutionException, IOException { | ||
| long intervalMillis = deviceAuthorization.getIntervalSeconds() * 1000; |
NarrowCalculation: This product of integers could overflow before being implicitly cast to a long.
| long intervalMillis = deviceAuthorization.getIntervalSeconds() * 1000; | |
| long intervalMillis = deviceAuthorization.getIntervalSeconds() * 1000L; |
| } | ||
|
|
||
| @Override | ||
| public String toString() { |
OverrideThrowableToString: To return a custom message with a Throwable class, one should override getMessage() instead of toString().
| public String toString() { | |
| public String getMessage() { |
| } | ||
|
|
||
| @Override | ||
| public String toString() { |
OverrideThrowableToString: To return a custom message with a Throwable class, one should override getMessage() instead of toString().
| public String toString() { | |
| public String getMessage() { |
|
|
||
| public static String md5(String orgString) { | ||
| try { | ||
| final MessageDigest md = MessageDigest.getInstance("MD5"); |
opt.semgrep.java.lang.security.audit.crypto.weak-hash.use-of-md5: Detected MD5 hash algorithm which is considered insecure. MD5 is not
collision resistant and is therefore not suitable as a cryptographic
signature. Use SHA256 or SHA3 instead.
|
|
||
| public static String md5(String orgString) { | ||
| try { | ||
| final MessageDigest md = MessageDigest.getInstance("MD5"); |
opt.semgrep.java.lang.security.audit.crypto.weak-hash.use-of-md5: Detected MD5 hash algorithm which is considered insecure. MD5 is not
collision resistant and is therefore not suitable as a cryptographic
signature. Use SHA256 or SHA3 instead.
| public static boolean isOob(OAuthConfig config) { | ||
| return "oob".equals(config.getCallback()); | ||
| public static boolean isOob(String callback) { | ||
| return OAuthConstants.OOB.equals(callback); |
YodaCondition: The non-constant portion of an equals check generally comes first.
| return OAuthConstants.OOB.equals(callback); | |
| return Objects.equals(callback, OAuthConstants.OOB); |
| if (stream == null) { | ||
| return null; | ||
| } | ||
| if ("gzip".equals(getHeader("Content-Encoding"))) { |
YodaCondition: The non-constant portion of an equals check generally comes first.
| if ("gzip".equals(getHeader("Content-Encoding"))) { | |
| if (Objects.equals(getHeader("Content-Encoding"), "gzip")) { |
🛠 Lift Auto-fix
Some of the Lift findings in this PR can be automatically fixed. You can download and apply these changes in your local project directory of your branch to review the suggestions before committing.
```
# Download the patch
curl https://lift.sonatype.com/api/patch/github.com/cng1985/scribejava/1.diff -o lift-autofixes.diff
# Apply the patch with git
git apply lift-autofixes.diff
# Review the changes
git diff
```
Want it all in a single command? Open a terminal in your project's directory and copy and paste the following command:
```
curl https://lift.sonatype.com/api/patch/github.com/cng1985/scribejava/1.diff | git apply
```
Once you're satisfied, commit and push your changes in your project.
No description provided.