Recommendations
FIO00-J. Reserved (moved to SER)
FIO01-J. Canonicalize path names originating from untrusted sources
FIO02-J / FIO01-J. Use Runtime.exec() correctly
FIO03-J / FIO02-J. Keep track of bytes read and account for character encoding while reading data
FIO04-J / FIO03-J. Reserved / Do not assume infinite heap space
FIO04-J / FIO05-J. Document character encoding while performing file or network IO
FIO06-J. Reserved (moved to FIO rules)
FIO07-J. Do not assume infinite heap space
Rules
FIO30-J. Do not log sensitive information
FIO31-J. Create a defensive copy of mutable inputs and mutable internal components
FIO32-J. Reserved (moved to SER)
FIO33-J. Reserved (moved to SER)
FIO32-J / FIO34-J. Ensure all resources are properly closed when they are no longer needed
FIO35-J / FIO33-J. Exclude user input from format strings
FIO36-J / FIO34-J. Reserved (moved to MSC31-J) / FIO37-J. Create and delete temporary files safely
FIO38-J / FIO35-J. Validate user input
FIO39-J / FIO36-J. Do not create multiple buffered wrappers on an InputStream
...