
  1. ERR03-J. Restore prior object state on method failure

    -= PADDING; // Revert return volume; } catch (Throwable t) { MyExceptionReporter mer = new MyExceptionReporter(); mer.report(t); // Sanitize … MyExceptionReporter(); mer.report(t); // Sanitize length -= PADDING; width -= PADDING; height -= PADDING; // Revert return -1; } Compliant Solution (finally
  2. IDS17-J. Prevent XML External Entity Attacks

    (java.net.MalformedURLException mue) { System.err.println("Malformed URL Exception: " + mue); } } } Risk Assessment Failure to sanitize user input before processing … Guidelines SEI CERT C Coding Standard STR02-C. Sanitize data passed to complex subsystems SEI CERT C++ Coding Standard VOID STR02-CPP. Sanitize data
  3. Top 10 Secure Coding Practices

    . This approach reduces the opportunities an attacker has to execute arbitrary code with elevated privileges [Saltzer 74, Saltzer 75]. Sanitize data sent to other systems. Sanitize all data passed to complex subsystems [C STR02-A] such as command shells, relational databases, and commercial off-the-shelf (COTS) components
    CERT Secure Coding, May 02, 2018
  4. IDS50-J. Use conservative file naming conventions

    Example This noncompliant code example creates a file with input from the user without sanitizing the input. public static void main(String[] args) throws Exception … https://www.securecoding.cert.org/confluence/display/seccode/AA.+Bibliography#AA.Bibliography-VU439395] Rec. 00. Input Validation and Data Sanitization
  5. ENV02-J. Do not trust the values of environment variables

    than their environment must assume that the values of environment variables are untrusted and must sanitize and validate any environment variable values before … be overridden by properties from untrusted sources, such as a configuration file. System properties from untrusted sources must be sanitized and validated before use
  6. ERR01-J. Do not allow exceptions to expose sensitive information

    (Sanitized Exception) This noncompliant code example logs the exception and throws a custom exception that does not wrap the FileNotFoundException: class … of possible file names. File names that cause the program to return the sanitized exception indicate nonexistent files, whereas file names that do not return
  7. TPS01-J. Do not execute interdependent tasks in a bounded thread pool

    to sanitize the input by creating a subtask for each request using the SanitizeInput class. All tasks are executed in the same thread pool. The fieldAggregator() method … Callable<V> { private final V input; SanitizeInput(V input) { this.input = input; } @Override public V call() throws Exception { // Sanitize input
  8. CodeSonar

    https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152177 IO.INJ.COMMAND STR02-C. Sanitize data passed to complex … STR02-C. Sanitize data passed to complex subsystems https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152409
  9. IDS01-J. Normalize strings before validating them

    are a useful part of a security strategy, even though they are insufficient for complete input validation and sanitization. Character information in Java is based … http://www.lookout.net/wp-content/uploads/2009/03/chris_weber_exploiting-unicode-enabled-software-v15.pdf IDS00-J. Prevent SQL injection; Rule 00. Input Validation and Data Sanitization (IDS); IDS02-J. Canonicalize path
  10. SonarQube

    https://rules.sonarsource.com/java/RSPEC-2076 IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method … https://rules.sonarsource.com/java/RSPEC-2631 IDS08-J. Sanitize untrusted data included in a regular expression