SonarSource Rules

Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

Flex static code analysis

Unique rules to find Bugs, Security Hotspots, and Code Smells in your FLEX code

Security Hotspot1

Tags

Impact

Clean code attribute

The "trace" function should not be used
Vulnerability
Security.allowDomain(...) should only be used in a tightly focused manner
Vulnerability
The flash.system.Security.exactSettings property should never be set to false
Vulnerability
"LocalConnection" should be configured to narrowly specify the domains with which local connections to other Flex application are allowed
Vulnerability
"Alert.show(...)" should not be used
Vulnerability

The flash.system.Security.exactSettings property should never be set to false

intentionality - complete

security

Vulnerability

This rule is deprecated, and will eventually be removed.

Why is this an issue?

The Security.exactSettings value should remain set at the default value of true. Setting this value to false could make the SWF vulnerable to cross-domain attacks.

Noncompliant code example

Security.exactSettings = false;

Compliant solution

Security.exactSettings = true;

Available In:

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

Available Since
9.1

Analyze code in your
on-premise CI

Developer Edition
Available Since
9.1