SonarSource Rules

Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarLint
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarCloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube

Flex static code analysis

Unique rules to find Bugs, Security Hotspots, and Code Smells in your FLEX code

Security Hotspot1

Tags

Impact

Clean code attribute

Security.allowDomain(...) should only be used in a tightly focused manner
Vulnerability
The flash.system.Security.exactSettings property should never be set to false
Vulnerability
"LocalConnection" should be configured to narrowly specify the domains with which local connections to other Flex application are allowed
Vulnerability
The "trace" function should not be used
Vulnerability
"Alert.show(...)" should not be used
Vulnerability

The flash.system.Security.exactSettings property should never be set to false

intentionality - complete

security

Vulnerability

BlockerSonarSource default severity
click to learn more

This rule is deprecated, and will eventually be removed.

Why is this an issue?

The Security.exactSettings value should remain set at the default value of true. Setting this value to false could make the SWF vulnerable to cross-domain attacks.

Noncompliant code example

Security.exactSettings = false;

Compliant solution

Security.exactSettings = true;

Available In:

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI