This page was automatically generated and should not be edited.

The information on this page was provided by outside contributors and has not been verified by SEI CERT.


Tool Version: 2024.1

Checker Guideline

CERT.DCL00.ACD DCL00-J. Prevent class initialization cycles
CERT.DCL02.ITMOD DCL02-J. Do not modify the collection's elements during an enhanced for statement
CERT.DCL51.HMF DCL51-J. Do not shadow or obscure identifiers in subscopes
CERT.DCL52.MVOS DCL52-J. Do not declare more than one variable per declaration
CERT.DCL57.OVAM DCL57-J. Avoid ambiguous overloading of variable arity methods
CERT.DCL60.ACD DCL60-J. Avoid cyclic dependencies between packages
CERT.ENV02.ENV ENV02-J. Do not trust the values of environment variables
CERT.ERR00.LGE ERR00-J. Do not suppress or ignore checked exceptions
CERT.ERR00.UCATCH ERR00-J. Do not suppress or ignore checked exceptions
CERT.ERR01.ACPST ERR01-J. Do not allow exceptions to expose sensitive information
CERT.ERR01.ACW ERR01-J. Do not allow exceptions to expose sensitive information
CERT.ERR01.CETS ERR01-J. Do not allow exceptions to expose sensitive information
CERT.ERR03.REVOBJ ERR03-J. Restore prior object state on method failure
CERT.ERR04.ARCF ERR04-J. Do not complete abruptly from a finally block
CERT.ERR04.ATSF ERR04-J. Do not complete abruptly from a finally block
CERT.ERR05.ARCF ERR05-J. Do not let checked exceptions escape from a finally block
CERT.ERR05.ATSF ERR05-J. Do not let checked exceptions escape from a finally block
CERT.ERR07.NTERR ERR07-J. Do not throw RuntimeException, Exception, or Throwable
CERT.ERR07.NTX ERR07-J. Do not throw RuntimeException, Exception, or Throwable
CERT.ERR08.NCNPE ERR08-J. Do not catch NullPointerException or any of its ancestors
CERT.ERR09.EXIT ERR09-J. Do not allow untrusted code to terminate the JVM
CERT.ERR09.JVM ERR09-J. Do not allow untrusted code to terminate the JVM
CERT.ERR51.NCE ERR51-J. Prefer user-defined exceptions over more general exception types
CERT.ERR54.CLFIN ERR54-J. Use a try-with-resources statement to safely handle closeable resources
CERT.EXP00.AECB EXP00-J. Do not ignore values returned by methods
CERT.EXP00.NASSIG EXP00-J. Do not ignore values returned by methods
CERT.EXP01.NCMD EXP01-J. Do not use a null in a case where an object is required
CERT.EXP01.NP EXP01-J. Do not use a null in a case where an object is required
CERT.EXP02.UEIC EXP02-J. Do not use the Object.equals() method to compare two arrays
CERT.EXP03.UEIC EXP03-J. Do not use the equality operators when comparing values of boxed primitives
CERT.EXP05.CID EXP05-J. Do not follow a write by a subsequent write or read of the same object within an expression
CERT.EXP50.UEIC EXP50-J. Do not confuse abstract object equality with reference equality
CERT.EXP51.ASI EXP51-J. Do not perform assignments in conditional expressions
CERT.EXP52.BLK EXP52-J. Use braces for the body of an if, for, or while statement
CERT.EXP53.APAREN EXP53-J. Use parentheses for precedence of operation
CERT.EXP55.COMT EXP55-J. Use the same type for the second and third operands in conditional expressions
CERT.FIO03.ATF FIO03-J. Remove temporary files before termination
CERT.FIO03.REMTMP FIO03-J. Remove temporary files before termination
CERT.FIO04.CCR FIO04-J. Release resources when they are no longer needed
CERT.FIO04.CIO FIO04-J. Release resources when they are no longer needed
CERT.FIO04.LEAKS FIO04-J. Release resources when they are no longer needed
CERT.FIO05.BUFEXP FIO05-J. Do not expose buffers or their backing arrays methods to untrusted code
CERT.FIO06.MULBUF FIO06-J. Do not create multiple buffered wrappers on a single byte or character stream
CERT.FIO07.EXEC FIO07-J. Do not let external processes block on IO buffers
CERT.FIO08.CRRV FIO08-J. Distinguish between characters or bytes read from a stream and -1
CERT.FIO09.ARGWRITE FIO09-J. Do not rely on the write() method to output integers outside the range 0 to 255
CERT.FIO12.PMRWLED FIO12-J. Provide methods to read and write little-endian data
CERT.FIO13.CONSEN FIO13-J. Do not log sensitive information outside a trust boundary
CERT.FIO13.LHII FIO13-J. Do not log sensitive information outside a trust boundary
CERT.FIO13.PEO FIO13-J. Do not log sensitive information outside a trust boundary
CERT.FIO13.SENS FIO13-J. Do not log sensitive information outside a trust boundary
CERT.FIO14.CCR FIO14-J. Perform proper cleanup at program termination
CERT.FIO14.CIO FIO14-J. Perform proper cleanup at program termination
CERT.FIO14.CRWD FIO14-J. Perform proper cleanup at program termination
CERT.FIO16.CDBV FIO16-J. Canonicalize path names before validating them
CERT.IDS00.TDSQL IDS00-J. Prevent SQL injection
CERT.IDS03.TDLOG IDS03-J. Do not log unsanitized user input
CERT.IDS06.VAFS IDS06-J. Exclude unsanitized user input from format strings
CERT.IDS07.EXEC IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
CERT.IDS11.VPPD IDS11-J. Perform any string modifications before validation
CERT.IDS16.TDXML IDS16-J. Prevent XML Injection
CERT.IDS51.TDRESP IDS51-J. Properly encode or escape output
CERT.IDS51.TDXSS IDS51-J. Properly encode or escape output
CERT.IDS52.TDCODE IDS52-J. Prevent code injection
CERT.IDS53.TDJXPATH IDS53-J. Prevent XPath Injection
CERT.IDS53.TDXPATH IDS53-J. Prevent XPath Injection
CERT.IDS54.TDLDAP IDS54-J. Prevent LDAP injection
CERT.JNI00.NATIW JNI00-J. Define wrappers around native methods
CERT.LCK00.SOPF LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code
CERT.LCK01.SCS LCK01-J. Do not synchronize on objects that may be reused
CERT.LCK02.SGC LCK02-J. Do not synchronize on the class object returned by getClass()
CERT.LCK04.SOBC LCK04-J. Do not synchronize on a collection view if the backing collection is accessible
CERT.LCK05.IASF LCK05-J. Synchronize access to static fields that can be modified by untrusted code
CERT.LCK06.INSTLOCK LCK06-J. Do not use an instance lock to protect shared static data
CERT.LCK07.LORD LCK07-J. Avoid deadlock by requesting and releasing locks in the same order
CERT.LCK08.LOCK LCK08-J. Ensure actively held locks are released on exceptional conditions
CERT.LCK08.RLF LCK08-J. Ensure actively held locks are released on exceptional conditions
CERT.LCK09.TSHL LCK09-J. Do not perform operations that can block while holding a lock
CERT.LCK09.TSHL2 LCK09-J. Do not perform operations that can block while holding a lock
CERT.LCK10.DCL LCK10-J. Use a correct form of the double-checked locking idiom
CERT.MET02.DPRAPI MET02-J. Do not use deprecated or obsolete classes or methods
CERT.MET02.THRD MET02-J. Do not use deprecated or obsolete classes or methods
CERT.MET04.OPM MET04-J. Do not increase the accessibility of overridden or hidden methods
CERT.MET06.CLONE MET06-J. Do not invoke overridable methods in clone()
CERT.MET07.AHSM MET07-J. Never declare a class method that hides a method declared in a superclass or superinterface
CERT.MET08.EQREFL MET08-J. Preserve the equality contract when overriding the equals() method
CERT.MET09.OVERRIDE MET09-J. Classes that define an equals() method must also define a hashCode() method
CERT.MET11.IKICO MET11-J. Ensure that keys used in comparison operations are immutable
CERT.MET12.EF MET12-J. Do not use finalizers
CERT.MET12.FCF MET12-J. Do not use finalizers
CERT.MET12.FCSF MET12-J. Do not use finalizers
CERT.MET12.FM MET12-J. Do not use finalizers
CERT.MET12.IFF MET12-J. Do not use finalizers
CERT.MET12.MFP MET12-J. Do not use finalizers
CERT.MET12.MNDF MET12-J. Do not use finalizers
CERT.MET12.NCF MET12-J. Do not use finalizers
CERT.MET12.OF MET12-J. Do not use finalizers
CERT.MET50.OVERLOAD MET50-J. Avoid ambiguous or confusing uses of overloading
CERT.MET52.CIFC MET52-J. Do not use the clone() method to copy untrusted method parameters
CERT.MET53.SCLONE MET53-J. Ensure that the clone() method calls super.clone()
CERT.MSC01.EB MSC01-J. Do not use an empty infinite loop
CERT.MSC03.AHCA MSC03-J. Never hard code sensitive information
CERT.MSC03.HCCK MSC03-J. Never hard code sensitive information
CERT.MSC03.HCCS MSC03-J. Never hard code sensitive information
CERT.MSC04.LEAKS MSC04-J. Do not leak memory
CERT.MSC06.ITMOD MSC06-J. Do not modify the underlying collection when an iteration is in progress
CERT.MSC07.ILI MSC07-J. Prevent multiple instantiations of singleton objects
CERT.MSC52.SBC MSC52-J. Finish every set of statements associated with a case label with a break statement
CERT.MSC56.CC MSC56-J. Detect and remove superfluous code and values
CERT.MSC56.SWITCH MSC56-J. Detect and remove superfluous code and values
CERT.MSC56.VOVR MSC56-J. Detect and remove superfluous code and values
CERT.MSC57.PDCL MSC57-J. Strive for logical completeness
CERT.MSC57.PDS MSC57-J. Strive for logical completeness
CERT.MSC60.ASSERT MSC60-J. Do not use assertions to verify the absence of runtime errors
CERT.MSC61.AISSAJAVA MSC61-J. Do not use insecure or weak cryptographic algorithms
CERT.MSC61.AISSAXML MSC61-J. Do not use insecure or weak cryptographic algorithms
CERT.MSC61.CKTS MSC61-J. Do not use insecure or weak cryptographic algorithms
CERT.MSC61.HCCK MSC61-J. Do not use insecure or weak cryptographic algorithms
CERT.MSC61.ICA MSC61-J. Do not use insecure or weak cryptographic algorithms
CERT.MSC62.PCCF MSC62-J. Store passwords using a hash function
CERT.MSC62.PLAIN MSC62-J. Store passwords using a hash function
CERT.MSC62.PTPT MSC62-J. Store passwords using a hash function
CERT.MSC62.PWDPROP MSC62-J. Store passwords using a hash function
CERT.MSC62.PWDXML MSC62-J. Store passwords using a hash function
CERT.MSC62.UTAX MSC62-J. Store passwords using a hash function
CERT.MSC62.WCPWD MSC62-J. Store passwords using a hash function
CERT.MSC62.WPWD MSC62-J. Store passwords using a hash function
CERT.NUM00.BSA NUM00-J. Detect or prevent integer overflow
CERT.NUM00.CACO NUM00-J. Detect or prevent integer overflow
CERT.NUM00.ICO NUM00-J. Detect or prevent integer overflow
CERT.NUM01.BADSHIFT NUM01-J. Do not perform bitwise and arithmetic operations on the same data
CERT.NUM01.NCBAV NUM01-J. Do not perform bitwise and arithmetic operations on the same data
CERT.NUM02.ZERO NUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors
CERT.NUM04.UBD NUM04-J. Do not use floating-point numbers if precise computation is required
CERT.NUM07.NAN NUM07-J. Do not attempt comparisons with NaN
CERT.NUM08.FPEXC NUM08-J. Check floating-point inputs for exceptional values
CERT.NUM09.FPLI NUM09-J. Do not use floating-point variables as loop counters
CERT.NUM10.BBDCC NUM10-J. Do not construct BigDecimal objects from floating-point literals
CERT.NUM12.CLP NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
CERT.NUM13.AIC NUM13-J. Avoid loss of precision when converting primitive integers to floating-point
CERT.NUM50.IDCD NUM50-J. Convert integers to floating point for floating-point operations
CERT.OBJ03.AGBPT OBJ03-J. Prevent heap pollution
CERT.OBJ04.CLONE OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
CERT.OBJ04.CPCL OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
CERT.OBJ04.MPT OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
CERT.OBJ04.MUCOP OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
CERT.OBJ04.SMO OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
CERT.OBJ05.CPCL OBJ05-J. Do not return references to private mutable class members
CERT.OBJ05.MPT OBJ05-J. Do not return references to private mutable class members
CERT.OBJ05.MUCOP OBJ05-J. Do not return references to private mutable class members
CERT.OBJ05.SMO OBJ05-J. Do not return references to private mutable class members
CERT.OBJ06.MPT OBJ06-J. Defensively copy mutable inputs and mutable internal components
CERT.OBJ06.CPCL OBJ06-J. Defensively copy mutable inputs and mutable internal components
CERT.OBJ06.MUCOP OBJ06-J. Defensively copy mutable inputs and mutable internal components
CERT.OBJ06.SMO OBJ06-J. Defensively copy mutable inputs and mutable internal components
CERT.OBJ07.MCNC OBJ07-J. Sensitive classes must not let themselves be copied
CERT.OBJ08.INNER OBJ08-J. Do not expose private members of an outer class from within a nested class
CERT.OBJ09.CMP OBJ09-J. Compare classes and not class names
CERT.OBJ10.RMO OBJ10-J. Do not use public static nonfinal fields
CERT.OBJ10.SPFF OBJ10-J. Do not use public static nonfinal fields
CERT.OBJ11.EPNFC OBJ11-J. Be wary of letting constructors throw exceptions
CERT.OBJ13.RMO OBJ13-J. Ensure that references to mutable objects are not exposed
CERT.OBJ51.DPAC OBJ51-J. Minimize the accessibility of classes and their members
CERT.OBJ51.DPAF OBJ51-J. Minimize the accessibility of classes and their members
CERT.OBJ51.DPAM OBJ51-J. Minimize the accessibility of classes and their members
CERT.OBJ51.DPPC OBJ51-J. Minimize the accessibility of classes and their members
CERT.OBJ51.DPPF OBJ51-J. Minimize the accessibility of classes and their members
CERT.OBJ51.DPPM OBJ51-J. Minimize the accessibility of classes and their members
CERT.SEC01.PRIVIL SEC01-J. Do not allow tainted variables in privileged blocks
CERT.SEC02.TDRFL SEC02-J. Do not base security checks on untrusted sources
CERT.SEC03.ACL SEC03-J. Do not load trusted classes after allowing untrusted code to load arbitrary classes
CERT.SEC04.SCF SEC04-J. Protect sensitive operations with security manager checks
CERT.SEC05.ARM SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields
CERT.SEC51.PCL SEC51-J. Minimize privileged code
CERT.SER00.DUID SER00-J. Enable serialization compatibility during class evolution
CERT.SER01.ROWO SER01-J. Do not deviate from the proper signatures of serialization methods
CERT.SER03.SIF SER03-J. Do not serialize unencrypted sensitive data
CERT.SER04.SCSER SER04-J. Do not allow serialization and deserialization to bypass the security manager
CERT.SER07.RRSC SER07-J. Do not use the default serialized form for classes with implementation-defined invariants
CERT.SER09.VREADOBJ SER09-J. Do not invoke overridable methods from the readObject() method
CERT.SER11.IRX SER11-J. Prevent overwriting of externalizable objects
CERT.SER12.VOBD SER12-J. Prevent deserialization of untrusted data
CERT.STR00.COS STR00-J. Don't form strings containing partial characters from variable-width encodings
CERT.STR01.NCUCP STR01-J. Do not assume that a Java char fully represents a Unicode code point
CERT.STR02.CCL STR02-J. Specify an appropriate locale when comparing locale-dependent data
CERT.STR02.CTLC STR02-J. Specify an appropriate locale when comparing locale-dependent data
CERT.THI00.IRUN THI00-J. Do not invoke Thread.run()
CERT.THI01.AUTG THI01-J. Do not invoke ThreadGroup methods
CERT.THI02.ANF THI02-J. Notify all waiting threads rather than a single thread
CERT.THI03.UWIL THI03-J. Always invoke wait() and await() methods inside a loop
CERT.THI05.THRD THI05-J. Do not use Thread.stop() to terminate threads
CERT.TPS00.ISTART TPS00-J. Use thread pools to enable graceful degradation of service during traffic bursts
CERT.TSM00.OSNS TSM00-J. Do not override thread-safe methods with methods that are not thread-safe
CERT.TSM01.CTRE TSM01-J. Do not let the this reference escape during object construction
CERT.TSM02.CSTART TSM02-J. Do not use background threads during class initialization
CERT.VNA00.LORD VNA00-J. Ensure visibility when accessing shared primitive variables
CERT.VNA00.MRAV VNA00-J. Ensure visibility when accessing shared primitive variables
CERT.VNA02.MRAV VNA02-J. Ensure that compound operations on shared variables are atomic
CERT.VNA02.SSUG VNA02-J. Ensure that compound operations on shared variables are atomic
CERT.VNA03.MRAV VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
CERT.VNA03.SSUG VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
CERT.MSC02.SRD MSC02-J. Generate strong random numbers
SECURITY.WSC.USC MSC00-J. Use SSLSocket rather than Socket for secure data exchange