SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 107

changes.mady.by.user Pennie Walters

Saved on

compared with

New Version 108

changes.mady.by.user Ankur Goyal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by sciSpider Java v3.0

Guidelines

FIO00-J. Defensively copy mutable inputs and mutable internal components

FIO01-J. Do not expose buffers created using the wrap() or duplicate() methods to untrusted code

FIO02-J. Keep track of bytes read and account for character encoding while reading data

FIO03-J. Specify the character encoding while performing file or network IO

FIO04-J. Canonicalize path names before validating

FIO05-J. Do not create multiple buffered wrappers on an InputStream

FIO06-J. Ensure all resources are properly closed when they are no longer needed

FIO07-J. Do not create temporary files in shared directories

FIO08-J. Do not log sensitive information

FIO09-J. Exclude user input from format strings

FIO10-J. Do not let Runtime.exec() fail or block indefinitely

FIO35-J. Reserved (moved to SDV00)

Risk Assessment Summary

Recommendations

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

FIO00- J

medium

unlikely

medium

P4

L3

FIO01- J

low

probable

medium

P4

L3

FIO02- J

low

unlikely

medium

P2

L3

FIO03- J

low

unlikely

medium

P2

L3

Rules

Rules

Severity

Likelihood

Remediation Cost

Priority

Level

FIO30- J

medium

probable

high

P4

L3

FIO31- J

medium

probable

high

P4

L3

FIO32- J

low

probable

medium

P4

L3

FIO33- J

medium

unlikely

medium

P4

L3

FIO34- J

high

probable

medium

P12

L1

FIO36- J

low

unlikely

medium

P2

L3

FIO37- J

medium

likely

low

P18

L1

OBJ09-J. Immutable classes must prohibit extension      The CERT Sun Microsystems Secure Coding Standard for Java      FIO04-J. Canonicalize path names before validating