This version of the CodeQL Action was deprecated on January 18th, 2023, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/

This version of the CodeQL Action was deprecated on January 18th, 2023, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/

This version of the CodeQL Action was deprecated on January 18th, 2023, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/

Value annotated as carrying type qualifier SlashedClassName used where a value that must not carry that qualifier is required

com.h3xstream.findsecbugs.injection.InjectionPoint.getInjectableArguments() may expose internal representation by returning InjectionPoint.injectableArguments

new com.h3xstream.findsecbugs.injection.InjectionPoint(int[], String) may expose internal representation by storing an externally mutable object into InjectionPoint.injectableArguments

Possible null pointer dereference in com.h3xstream.findsecbugs.scala.PlayUnvalidatedRedirectDetector.sawOpcode(int) due to return value of called method

Found reliance on default encoding in com.h3xstream.findsecbugs.spring.CorsRegistryCORSDetector.getStringFromIdx(int): java.io.ByteArrayOutputStream.toString()

Possible null pointer dereference in com.h3xstream.findsecbugs.spring.SignatureParserWithGeneric.typeToJavaClass(Type) due to return value of called method

Unchecked/unconfirmed cast from edu.umd.cs.findbugs.classfile.MethodDescriptor to edu.umd.cs.findbugs.classfile.analysis.MethodInfo in new com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis(MethodGen, DepthFirstSearch, MethodDescriptor, TaintConfig, List)

Switch statement found in com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.visitReturnInstruction(ReturnInstruction) where default case is missing

com.h3xstream.findsecbugs.xss.XssJspDetector.JSP_PARENT_CLASSES should be package protected

The following actions uses node12 which is deprecated and will be forced to run on node16: actions/checkout@v2, github/codeql-action/init@v1, github/codeql-action/autobuild@v1, github/codeql-action/analyze@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/