Code Quality: Push on main #467
sanjomocodeql
on: dynamic
Matrix: analyze
Annotations
19 warnings and 42 notices
|
Busy wait:
netty-socketio-smoke-test/src/main/java/com/socketio4j/socketio/smoketest/ClientMain.java#L75
Call to `Thread.sleep()` in a loop, probably busy-waiting
|
|
Injection point with ambiguous dependencies:
netty-socketio-quarkus/netty-socketio-quarkus-runtime/src/main/java/com/socketio4j/socketio/quarkus/lifecycle/SocketIOServerLifecycle.java#L54
Unsatisfied dependency: no bean matches the injection point
|
|
Comparison of 'short' and 'char' values:
netty-socketio-core/src/main/java/com/socketio4j/socketio/protocol/PacketEncoder.java#L113
Equality comparison `value == '\''` of short and char values
|
|
Comparison of 'short' and 'char' values:
netty-socketio-core/src/main/java/com/socketio4j/socketio/protocol/PacketEncoder.java#L113
Equality comparison `value == '\\'` of short and char values
|
|
Result of method call ignored:
netty-socketio-core/src/main/java/com/socketio4j/socketio/misc/CompositeIterator.java#L48
Result of `CompositeIterator.hasNext()` is ignored
|
|
Result of method call ignored:
netty-socketio-smoke-test/src/main/java/com/socketio4j/socketio/smoketest/PerformanceTestRunner.java#L155
Result of `File.mkdirs()` is ignored
|
|
Number of placeholders does not match number of arguments in logging call:
netty-socketio-smoke-test/src/main/java/com/socketio4j/socketio/smoketest/SystemInfo.java#L90
More arguments provided (1) than placeholders specified (0)
|
|
Pointless arithmetic expression:
netty-socketio-core/src/main/java/com/socketio4j/socketio/transport/NamespaceClient.java#L160
`prime * result + 0` can be replaced with 'prime \* result'
|
|
Pointless arithmetic expression:
netty-socketio-core/src/main/java/com/socketio4j/socketio/transport/NamespaceClient.java#L155
`prime * result + 0` can be replaced with 'prime \* result'
|
|
Unnecessary 'null' check before method call:
netty-socketio-core/src/main/java/com/socketio4j/socketio/handler/EncoderHandler.java#L109
Unnecessary 'null' check before 'equals()' call
|
|
Vulnerable declared dependency:
netty-socketio-core/pom.xml#L139
Provides transitive vulnerable dependency maven:org.yaml:snakeyaml:1.23
* [CVE-2022-1471](https://www.mend.io/vulnerability-database/CVE-2022-1471?utm_source=JetBrains) 8.3 Deserialization of Untrusted Data
* [CVE-2017-18640](https://www.mend.io/vulnerability-database/CVE-2017-18640?utm_source=JetBrains) 7.5 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
* [CVE-2022-25857](https://www.mend.io/vulnerability-database/CVE-2022-25857?utm_source=JetBrains) 7.5 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
* [CVE-2022-38752](https://www.mend.io/vulnerability-database/CVE-2022-38752?utm_source=JetBrains) 6.5 Out-of-bounds Write
* [CVE-2022-38751](https://www.mend.io/vulnerability-database/CVE-2022-38751?utm_source=JetBrains) 6.5 Out-of-bounds Write
* [CVE-2022-38750](https://www.mend.io/vulnerability-database/CVE-2022-38750?utm_source=JetBrains) 6.5 Out-of-bounds Write
* [CVE-2022-38749](https://www.mend.io/vulnerability-database/CVE-2022-38749?utm_source=JetBrains) 6.5 Out-of-bounds Write
* [CVE-2022-41854](https://www.mend.io/vulnerability-database/CVE-2022-41854?utm_source=JetBrains) 5.8 Out-of-bounds Write
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
netty-socketio-micronaut/pom.xml#L90
Provides transitive vulnerable dependency maven:org.yaml:snakeyaml:1.23
* [CVE-2022-1471](https://www.mend.io/vulnerability-database/CVE-2022-1471?utm_source=JetBrains) 8.3 Deserialization of Untrusted Data
* [CVE-2017-18640](https://www.mend.io/vulnerability-database/CVE-2017-18640?utm_source=JetBrains) 7.5 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
* [CVE-2022-25857](https://www.mend.io/vulnerability-database/CVE-2022-25857?utm_source=JetBrains) 7.5 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
* [CVE-2022-38752](https://www.mend.io/vulnerability-database/CVE-2022-38752?utm_source=JetBrains) 6.5 Out-of-bounds Write
* [CVE-2022-38751](https://www.mend.io/vulnerability-database/CVE-2022-38751?utm_source=JetBrains) 6.5 Out-of-bounds Write
* [CVE-2022-38750](https://www.mend.io/vulnerability-database/CVE-2022-38750?utm_source=JetBrains) 6.5 Out-of-bounds Write
* [CVE-2022-38749](https://www.mend.io/vulnerability-database/CVE-2022-38749?utm_source=JetBrains) 6.5 Out-of-bounds Write
* [CVE-2022-41854](https://www.mend.io/vulnerability-database/CVE-2022-41854?utm_source=JetBrains) 5.8 Out-of-bounds Write
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
netty-socketio-smoke-test/pom.xml#L46
Provides transitive vulnerable dependency maven:org.yaml:snakeyaml:1.23
* [CVE-2022-1471](https://www.mend.io/vulnerability-database/CVE-2022-1471?utm_source=JetBrains) 8.3 Deserialization of Untrusted Data
* [CVE-2017-18640](https://www.mend.io/vulnerability-database/CVE-2017-18640?utm_source=JetBrains) 7.5 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
* [CVE-2022-25857](https://www.mend.io/vulnerability-database/CVE-2022-25857?utm_source=JetBrains) 7.5 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
* [CVE-2022-38752](https://www.mend.io/vulnerability-database/CVE-2022-38752?utm_source=JetBrains) 6.5 Out-of-bounds Write
* [CVE-2022-38751](https://www.mend.io/vulnerability-database/CVE-2022-38751?utm_source=JetBrains) 6.5 Out-of-bounds Write
* [CVE-2022-38750](https://www.mend.io/vulnerability-database/CVE-2022-38750?utm_source=JetBrains) 6.5 Out-of-bounds Write
* [CVE-2022-38749](https://www.mend.io/vulnerability-database/CVE-2022-38749?utm_source=JetBrains) 6.5 Out-of-bounds Write
* [CVE-2022-41854](https://www.mend.io/vulnerability-database/CVE-2022-41854?utm_source=JetBrains) 5.8 Out-of-bounds Write
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
netty-socketio-smoke-test/pom.xml#L35
Provides transitive vulnerable dependency maven:org.json:json:20090211
* [WS-2017-3805](https://www.mend.io/vulnerability-database/WS-2017-3805?utm_source=JetBrains) 7.5 Uncontrolled Resource Consumption ('Resource Exhaustion')
* [CVE-2022-45688](https://www.mend.io/vulnerability-database/CVE-2022-45688?utm_source=JetBrains) 7.5 Out-of-bounds Write
* [CVE-2023-5072](https://www.mend.io/vulnerability-database/CVE-2023-5072?utm_source=JetBrains) 7.5 Allocation of Resources Without Limits or Throttling
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
netty-socketio-core/pom.xml#L134
Provides transitive vulnerable dependency maven:org.json:json:20090211
* [WS-2017-3805](https://www.mend.io/vulnerability-database/WS-2017-3805?utm_source=JetBrains) 7.5 Uncontrolled Resource Consumption ('Resource Exhaustion')
* [CVE-2022-45688](https://www.mend.io/vulnerability-database/CVE-2022-45688?utm_source=JetBrains) 7.5 Out-of-bounds Write
* [CVE-2023-5072](https://www.mend.io/vulnerability-database/CVE-2023-5072?utm_source=JetBrains) 7.5 Allocation of Resources Without Limits or Throttling
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
netty-socketio-spring-boot-starter/pom.xml#L56
Provides transitive vulnerable dependency maven:org.yaml:snakeyaml:1.23
* [CVE-2022-1471](https://www.mend.io/vulnerability-database/CVE-2022-1471?utm_source=JetBrains) 8.3 Deserialization of Untrusted Data
* [CVE-2017-18640](https://www.mend.io/vulnerability-database/CVE-2017-18640?utm_source=JetBrains) 7.5 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
* [CVE-2022-25857](https://www.mend.io/vulnerability-database/CVE-2022-25857?utm_source=JetBrains) 7.5 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
* [CVE-2022-38752](https://www.mend.io/vulnerability-database/CVE-2022-38752?utm_source=JetBrains) 6.5 Out-of-bounds Write
* [CVE-2022-38751](https://www.mend.io/vulnerability-database/CVE-2022-38751?utm_source=JetBrains) 6.5 Out-of-bounds Write
* [CVE-2022-38750](https://www.mend.io/vulnerability-database/CVE-2022-38750?utm_source=JetBrains) 6.5 Out-of-bounds Write
* [CVE-2022-38749](https://www.mend.io/vulnerability-database/CVE-2022-38749?utm_source=JetBrains) 6.5 Out-of-bounds Write
* [CVE-2022-41854](https://www.mend.io/vulnerability-database/CVE-2022-41854?utm_source=JetBrains) 5.8 Out-of-bounds Write
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
netty-socketio-micronaut/pom.xml#L85
Provides transitive vulnerable dependency maven:org.json:json:20090211
* [WS-2017-3805](https://www.mend.io/vulnerability-database/WS-2017-3805?utm_source=JetBrains) 7.5 Uncontrolled Resource Consumption ('Resource Exhaustion')
* [CVE-2022-45688](https://www.mend.io/vulnerability-database/CVE-2022-45688?utm_source=JetBrains) 7.5 Out-of-bounds Write
* [CVE-2023-5072](https://www.mend.io/vulnerability-database/CVE-2023-5072?utm_source=JetBrains) 7.5 Allocation of Resources Without Limits or Throttling
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
netty-socketio-spring-boot-starter/pom.xml#L51
Provides transitive vulnerable dependency maven:org.json:json:20090211
* [WS-2017-3805](https://www.mend.io/vulnerability-database/WS-2017-3805?utm_source=JetBrains) 7.5 Uncontrolled Resource Consumption ('Resource Exhaustion')
* [CVE-2022-45688](https://www.mend.io/vulnerability-database/CVE-2022-45688?utm_source=JetBrains) 7.5 Out-of-bounds Write
* [CVE-2023-5072](https://www.mend.io/vulnerability-database/CVE-2023-5072?utm_source=JetBrains) 7.5 Allocation of Resources Without Limits or Throttling
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Vulnerable declared dependency:
netty-socketio-spring-boot-starter/pom.xml#L22
Provides transitive vulnerable dependency maven:io.netty:netty-codec-http:4.2.7.Final
* [CVE-2025-67735](https://www.mend.io/vulnerability-database/CVE-2025-67735?utm_source=Jetbrains) 6.5 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
netty-socketio-core/pom.xml#L134
Provides transitive vulnerable dependency maven:com.squareup.okhttp3:okhttp:3.12.12
* [CVE-2023-0833](https://www.mend.io/vulnerability-database/CVE-2023-0833?utm_source=JetBrains) 4.7 Generation of Error Message Containing Sensitive Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
netty-socketio-spring-boot-starter/pom.xml#L51
Provides transitive vulnerable dependency maven:com.squareup.okio:okio:1.15.0
* [CVE-2023-3635](https://www.mend.io/vulnerability-database/CVE-2023-3635?utm_source=JetBrains) 5.9 Incorrect Conversion between Numeric Types
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
netty-socketio-micronaut/pom.xml#L34
Provides transitive vulnerable dependency maven:io.netty:netty-codec-http:4.2.7.Final
* [CVE-2025-67735](https://www.mend.io/vulnerability-database/CVE-2025-67735?utm_source=Jetbrains) 6.5 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
netty-socketio-core/pom.xml#L134
Provides transitive vulnerable dependency maven:com.squareup.okio:okio:1.15.0
* [CVE-2023-3635](https://www.mend.io/vulnerability-database/CVE-2023-3635?utm_source=JetBrains) 5.9 Incorrect Conversion between Numeric Types
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
netty-socketio-quarkus/netty-socketio-quarkus-runtime/pom.xml#L16
Provides transitive vulnerable dependency maven:io.netty:netty-codec-http:4.2.7.Final
* [CVE-2025-67735](https://www.mend.io/vulnerability-database/CVE-2025-67735?utm_source=Jetbrains) 6.5 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
netty-socketio-quarkus/netty-socketio-quarkus-deployment/pom.xml#L16
Provides transitive vulnerable dependency maven:io.netty:netty-codec-http:4.2.7.Final
* [CVE-2025-67735](https://www.mend.io/vulnerability-database/CVE-2025-67735?utm_source=Jetbrains) 6.5 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
netty-socketio-smoke-test/pom.xml#L35
Provides transitive vulnerable dependency maven:com.squareup.okio:okio:1.15.0
* [CVE-2023-3635](https://www.mend.io/vulnerability-database/CVE-2023-3635?utm_source=JetBrains) 5.9 Incorrect Conversion between Numeric Types
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
netty-socketio-spring-boot-starter/pom.xml#L51
Provides transitive vulnerable dependency maven:com.squareup.okhttp3:okhttp:3.12.12
* [CVE-2023-0833](https://www.mend.io/vulnerability-database/CVE-2023-0833?utm_source=JetBrains) 4.7 Generation of Error Message Containing Sensitive Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
netty-socketio-micronaut/pom.xml#L85
Provides transitive vulnerable dependency maven:com.squareup.okhttp3:okhttp:3.12.12
* [CVE-2023-0833](https://www.mend.io/vulnerability-database/CVE-2023-0833?utm_source=JetBrains) 4.7 Generation of Error Message Containing Sensitive Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
netty-socketio-core/pom.xml#L77
Dependency maven:com.hazelcast:hazelcast:5.2.5 is vulnerable , safe version 5.3.5
* [CVE-2023-33264](https://www.mend.io/vulnerability-database/CVE-2023-33264?utm_source=JetBrains) 4.3 Insufficiently Protected Credentials
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
netty-socketio-smoke-test/pom.xml#L35
Provides transitive vulnerable dependency maven:com.squareup.okhttp3:okhttp:3.12.12
* [CVE-2023-0833](https://www.mend.io/vulnerability-database/CVE-2023-0833?utm_source=JetBrains) 4.7 Generation of Error Message Containing Sensitive Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
netty-socketio-micronaut/pom.xml#L85
Provides transitive vulnerable dependency maven:com.squareup.okio:okio:1.15.0
* [CVE-2023-3635](https://www.mend.io/vulnerability-database/CVE-2023-3635?utm_source=JetBrains) 5.9 Incorrect Conversion between Numeric Types
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
netty-socketio-spring/pom.xml#L21
Provides transitive vulnerable dependency maven:io.netty:netty-codec-http:4.2.7.Final
* [CVE-2025-67735](https://www.mend.io/vulnerability-database/CVE-2025-67735?utm_source=Jetbrains) 6.5 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|
|
Vulnerable declared dependency:
netty-socketio-smoke-test/pom.xml#L21
Provides transitive vulnerable dependency maven:io.netty:netty-codec-http:4.2.7.Final
* [CVE-2025-67735](https://www.mend.io/vulnerability-database/CVE-2025-67735?utm_source=Jetbrains) 6.5 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
|