Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

[CVE 2008] CVE-2009-0783, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783

[Gong 2003] Section 4.3.2, Class Loader Delegation Hierarchy

[JLS 2005] Section 4.3.2, "The Class Object"

[SCG 2007] Guideline 6-2 Safely invoke standard APIs that bypass SecurityManager checks depending on the immediate caller's class loader

[Tomcat 2009] Bug ID 29936 (https://issues.apache.org/bugzilla/show_bug.cgi?id=29936), API Class org.apache.tomcat.util.digester.Digester, Security fix in v 6.0.20 (http://tomcat.apache.org/security-6.html)
