Guidelines
OBJ00-J. Declare data members private
OBJ01-J. Be aware that a final reference may not always refer to immutable data
OBJ02-J. Do not ignore return values of methods that operate on immutable objects
OBJ03-J. Do not use public static non-final variables
OBJ04-J. Do not allow partially initialized objects to be accessed
OBJ05-J. Limit the extensibility of non-final classes and methods to only trusted subclasses
OBJ06-J. Compare classes and not class names
OBJ07-J. Understand how a superclass can affect a subclass
OBJ08-J. Avoid using finalizers
OBJ09-J. Immutable classes must prohibit extension
OBJ11-J. Defensively copy private mutable class members before returning their references
OBJ12-J. Use checked collections against external code
OBJ13-J. Write garbage collection friendly code
OBJ14-J. Encapsulate the absence of an object by using a Null Object
Risk Assessment Summary
Recommendations
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| OBJ00-J | medium | likely | medium | P12 | L1 |
| OBJ01-J | medium | probable | high | P4 | L3 |
| OBJ02-J | medium | probable | medium | P8 | L2 |
| OBJ03-J | low | probable | medium | P4 | L3 |
| OBJ04-J | low | probable | high | P2 | L3 |
| OBJ05-J | low | likely | high | P3 | L3 |
Rules
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| OBJ30-J | low | unlikely | medium | P2 | L3 |
| OBJ31-J | medium | probable | medium | P8 | L2 |
| OBJ32-J | high | probable | medium | P12 | L1 |
| OBJ33-J | medium | likely | medium | P12 | L1 |
| OBJ34-J | medium | unlikely | low | P6 | L2 |
| OBJ35-J | low | probable | medium | P4 | L3 |
| OBJ36-J | low | likely | medium | P6 | L2 |
| OBJ37-J | high | probable | medium | P12 | L1 |
| OBJ38-J | medium | probable | low | P12 | L1 |