QP21 Java Style Guide Presence
What this means
SiteShadow flagged missing Java style configuration (Checkstyle/Spotless/formatter config) or missing enforcement signals.
Why it matters
Style configuration enforces consistent code practices.
- Noisy diffs hide logic changes during review.
- Inconsistent patterns make security auditing harder.
- Higher defect rate as codebase grows without guardrails.
Safer examples
1) Add a Java formatter / style tool
Use Checkstyle/Spotless/Google Java Format, and commit the config.
2) Enforce style in CI
Fail builds when formatting/lint checks fail (see QP02 / QP15).
3) Keep rules consistent across modules
In multi-module projects, share a single config to avoid drift.
How SiteShadow detects it (high level)
- Detects absence of common Java style config and enforcement in build/CI workflows.
- Flags Java repos where code quality gates appear missing.
References
- OWASP Top 10: https://owasp.org/Top10/
---
← Back to Vulnerability Library
Catch this with SiteShadow Pro.
This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.