SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 32

changes.mady.by.user Robert Seacord (Manager)

Saved on

compared with

New Version 33

changes.mady.by.user Robert Seacord (Manager)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: interim save

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0a1f48210cf1102b-ff360d55-47fd40a5-b7dda9aa-8acf46b7a38c42af7af26860"><ac:plain-text-body><![CDATA[

[ISO/IEC TR 24772:2010

http://www.aitcnet.org/isai/]

"Privilege Sandbox Issues [java:XYO]"

]]></ac:plain-text-body></ac:structured-macro>

MITRE CWE

CWE ID 272, "Least Privilege Violation"

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="c2ff61e28d20ce47-f856b55d-45014876-a228bf1b-3fa0681c691b58c507cf0e5b"><ac:plain-text-body><![CDATA[

[java:[API 2006

AA. Bibliography#API 06]]

Class java.security.AccessController

]]></ac:plain-text-body></ac:structured-macro>

...

SEC01-J. Do not allow tainted variables in doPrivileged blocksImage Added      14. Platform Security (SEC)      SEC03-J. Protect sensitive operations with security manager checks