...
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| The Checker Framework |
| Tainting Checker | Trust and security errors (see Chapter 8) | ||||||
| CodeSonar |
| JAVA.IO.INJ.COMMAND | Command Injection (Java) | ||||||
| Coverity | 7.5 | OS_CMD_INJECTION | Implemented | ||||||
| Klocwork |
| SV.EXEC SV.EXEC.DIR SV.EXEC.ENV SV.EXEC.LOCAL SV.EXEC.PATH | |||||||
| Parasoft Jtest |
| CERT.IDS07.EXEC | Do not use 'Runtime.exec()' | ||||||
| SonarQube |
| OS commands should not be vulnerable to injection attacks |
...