Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

Page History

Versions Compared

Key

This line was added.
This line was removed.
Formatting was changed.

Guidelines

FIO04FIO00-J. Canonicalize path names before validating Defensively copy mutable inputs and mutable internal components

FIO01FIO10-J. Do not let Runtime.execexpose buffers created using the wrap() fail or block indefinitelyor duplicate() methods to untrusted code

FIO02-J. Keep track of bytes read and account for character encoding while reading data

FIO03-J. Specify the character encoding while performing file or network IO

FIO08FIO04-J. Do not log sensitive information Canonicalize path names before validating

FIO05-J. Do not create multiple buffered wrappers on an InputStream FIO00-J. Defensively copy mutable inputs and mutable internal components

FIO06-J. Ensure all resources are properly closed when they are no longer needed FIO09-J. Exclude user input from format strings

FIO07-J. Do not create temporary files in shared directories

FIO35FIO08-J. Reserved (moved to SDV00)

FIO05-J. Do not create multiple buffered wrappers on an InputStream

Do not log sensitive information

FIO09-J. Exclude user input from format strings

FIO10FIO01-J. Do not expose buffers created using the wraplet Runtime.exec() or duplicate() methods to untrusted codefail or block indefinitely

FIO35-J. Reserved (moved to SDV00)

Risk Assessment Summary

Recommendations

...