What kind of security vulnerabilities are you looking for? Of the OWASP Top 10, I think only XSS could be detected by static analysis, looking for any call to unsafe methods, making sure you're using SafeHtml et al. everywhere (and SafeHtmlUtils.fromSafeConstant and SafeHtmlUtils.fromTrustedString, and similar SafeStylesUtils and UriUtils methods, would still have to be manually inspected). I believe Google has some ErrorProne check for that (which would respect @SuppressIsSafeHtmlCastCheck et al.), but I don't think they open-sourced it.
On Friday, September 10, 2021 at 8:09:53 AM UTC+2 Niraj Salot wrote:
> Which tools can be used to Scan the GWT Source Code for doing Security
> Scan?
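
An added example, not part of the original message and not the ErrorProne check it mentions: a small Python scanner for the textual pass the reply describes, flagging `setInnerHTML` calls as unsafe sinks and the trusted-string escape hatches on `SafeHtmlUtils`, `SafeStylesUtils` and `UriUtils` for manual inspection. The Java sample is constructed, and the `from(SafeConstant|Trusted...)` name pattern used for the "similar" methods is an assumption.

```python
import re

# Constructed sample GWT source, embedded so the example runs offline.
SAMPLE = '''\
package demo;
public class Greeting {
  void render(Element el, String name, HTML label) {
    el.setInnerHTML("<b>" + name + "</b>");
    label.setHTML(SafeHtmlUtils.fromString(name));
    SafeHtml icon = SafeHtmlUtils.fromSafeConstant("<i class='ok'></i>");
    // SafeHtmlUtils.fromTrustedString(name) in a comment is ignored
    SafeUri link = UriUtils.fromTrustedString(name);
  }
}
'''

# String literals are matched first so that "//" inside a string is not
# mistaken for a comment; only comments are blanked out.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)

RULES = [
    # Raw String sink that bypasses SafeHtml (setInnerSafeHtml is the safe form).
    ("UNSAFE", re.compile(r'\.setInnerHTML\s*\(')),
    # Escape hatches: the caller vouches for the string, so a human must check.
    # The method-name pattern is an assumption and deliberately broad.
    ("REVIEW", re.compile(r'\b(?:SafeHtmlUtils|SafeStylesUtils|UriUtils)'
                          r'\.from(?:SafeConstant|Trusted\w*)\s*\(')),
]

def strip_comments(src):
    """Blank out Java comments, keeping line numbers and string literals."""
    def repl(m):
        tok = m.group(0)
        return tok if tok.startswith('"') else re.sub(r'[^\n]', ' ', tok)
    return _TOKEN.sub(repl, src)

def scan(src):
    """Return (line, severity, call) for every flagged call in the source."""
    findings = []
    for lineno, line in enumerate(strip_comments(src).splitlines(), 1):
        for severity, pattern in RULES:
            for m in pattern.finditer(line):
                call = m.group(0).rstrip('( ').lstrip('.')
                findings.append((lineno, severity, call))
    return findings

if __name__ == "__main__":
    for lineno, severity, call in scan(SAMPLE):
        print(f"line {lineno}: {severity:6} {call}")
```

A textual pass like this cannot see types, so overloads such as `setHTML(String)` versus `setHTML(SafeHtml)` still need a type-aware checker or manual review.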
