Android Java
This article covers Android Java support and vulnerability detection for Mend SAST.
Mend SAST-supported Android Java file types
**Note: These extensions are marked as ‘Secondary’ file extensions.
They are scanned only if at least one file with one of the other ‘Primary’ file extensions is present to identify the relevant language.
File Type |
---|
.java** |
.kt |
.ktm |
.kts |
Mend SAST-supported Android Java frameworks
Frameworks |
---|
N/A |
Mend SAST-supported Android Java vulnerability types
The Android Java vulnerability types detected by SAST are provided below and are organized by CWE ID within each of their identified severities.
Android Java high-severity vulnerability types
CWE | Vulnerability Type |
---|---|
CWE-89 | External Data In SQL Queries |
CWE-94 | Arbitrary Code Injection |
Android Java medium-severity vulnerability types
CWE | Vulnerability Type |
---|---|
CWE-200 | Insecure Data Storage |
CWE-200 | Shared Preferences Usage |
CWE-200 | Location Information |
CWE-209 | Log Messages |
CWE-244 | Heap Inspection |
CWE-295 | Man-in-the-Middle Attack |
CWE-319 | Insufficient Transport Layer Protection |
CWE-338 | Weak Pseudo-Random |
CWE-676 | Miscellaneous Dangerous Functions |
CWE-749 | WebView Implementation |
CWE-798 | Hardcoded Password/Credentials |
CWE-926 | Intents Usage |
Android Java low-severity vulnerability types
CWE | Vulnerability Type |
---|---|
CWE-16 | Application Configuration |
CWE-326 | Weak Encryption Strength |
CWE-676 | External URL Access |