fluidattacks / makes

A software supply chain framework powered by Nix.
https://makes.fluidattacks.tech/
MIT License

CWE-310 - False Positive #1281

Closed ndreisg closed 6 months ago

ndreisg commented 7 months ago

The SAST test for my Android app reports CWE-310 for the following line of code:

SSLContext sslContext = SSLContext.getInstance("TLS");

This is a false positive.

More info on why this is a false positive can be found in this issue: https://community.sonarsource.com/t/conflicting-rules-for-vulnerable-use-of-javas-sslcontext/3322
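The distinction behind this report, as an added example (not code from the issue author or from the makes project): `"TLS"` passed to `SSLContext.getInstance` names the protocol family, and the platform provider decides which versions are enabled by default, whereas a legacy version selected by name is the pattern a weak-protocol rule is actually meant to flag. The example also shows how to pin the negotiated versions explicitly, so the policy is visible in code rather than inherited from the platform. The `POLICY` list and the class name are assumptions for illustration.

```java
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class TlsContextDemo {

    // Hypothetical project policy: only these versions may be negotiated.
    private static final List<String> POLICY = Arrays.asList("TLSv1.3", "TLSv1.2");

    // The line from the issue. "TLS" is a family name, not a version: the JDK/Android
    // provider decides which versions are enabled by default, and init(null, null, null)
    // uses the platform key managers, trust managers and SecureRandom.
    public static SSLContext defaultTlsContext()
            throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);
        return ctx;
    }

    // The shape a weak-protocol rule is meant to flag: a legacy version selected by name.
    // Never use this in production; it exists only to contrast with the method above.
    public static SSLContext legacyTlsContext()
            throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext ctx = SSLContext.getInstance("TLSv1");
        ctx.init(null, null, null);
        return ctx;
    }

    // Pin the negotiated versions so the policy is explicit in code instead of inherited
    // from the platform. Only versions the engine actually supports are kept, because
    // setProtocols() rejects names the provider does not know.
    public static String[] pinProtocols(SSLEngine engine) {
        List<String> supported = Arrays.asList(engine.getSupportedProtocols());
        List<String> enabled = new ArrayList<>();
        for (String p : POLICY) {
            if (supported.contains(p)) {
                enabled.add(p);
            }
        }
        if (enabled.isEmpty()) {
            throw new IllegalStateException("platform supports none of " + POLICY);
        }
        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(enabled.toArray(new String[0]));
        engine.setSSLParameters(params);
        return engine.getEnabledProtocols();
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = defaultTlsContext();
        SSLEngine engine = ctx.createSSLEngine();
        System.out.println("getProtocol():    " + ctx.getProtocol());
        System.out.println("platform default: " + Arrays.toString(engine.getEnabledProtocols()));
        System.out.println("after pinning:    " + Arrays.toString(pinProtocols(engine)));
    }
}
```

Run it on the JDK or Android version you ship against and compare the "platform default" line with the pinned one: a rule that keys only on the string passed to `getInstance` cannot tell these two configurations apart, which is why the version list, not the family name, is what a reviewer should check.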

alejolagosm commented 7 months ago

Hi @ndreisg, thanks for using the tool and reporting the problem. We believe you are correct and we'll make sure to correct it as soon as possible. I have opened an issue about this here: https://gitlab.com/fluidattacks/universe/-/issues/11348

In the future, please open issues in the official repository of the scanner (https://gitlab.com/fluidattacks/universe)