SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 54

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 55

changes.mady.by.user Tracey Tamules

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SEC19 SEC09-J

high

probable

medium

P12

L1

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="04f460d659908bb4-06040204-44b743fe-9f5a9a3a-1879c5957d29cab5fe391d04"><ac:plain-text-body><![CDATA[

[[MITRE 2009

AA. Bibliography#MITRE 09]]

[CWE ID 300

http://cwe.mitre.org/data/definitions/300.html] "Channel Accessible by Non-Endpoint (aka 'Man-in-the-Middle')"

]]></ac:plain-text-body></ac:structured-macro>

 

CWE ID 319 "Cleartext Transmission of Sensitive Information"

 

CWE ID 494 "Download of Code Without Integrity Check"

 

CWE ID 347 "Improper Verification of Cryptographic Signature"

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d355a3a16985dd7a-864c3eb4-493b4961-bb15a61f-2b2f5086087c913240d94ce2"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b1739e843a96509a-3b57ae82-47c84a82-902f9a9e-3afe3091243d58663582b31a"><ac:plain-text-body><![CDATA[

[[Bea 2008

AA. Bibliography#Bea 08]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f602fe758229dd79-53bac1ce-4ce14d58-8abcaf41-9938c8b2aecf45274a54228b"><ac:plain-text-body><![CDATA[

[[Eclipse 2008

AA. Bibliography#Eclipse 08]]

[JAR Signing

http://wiki.eclipse.org/JAR_Signing] and [Signed bundles and protecting against malicious code

http://help.eclipse.org/stable/index.jsp?topic=/org.eclipse.platform.doc.isv/guide]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="5c31360cfbf9e9c7-22a8c511-42aa4580-8aaebdea-a3e15671ba5c73e9f80e5129"><ac:plain-text-body><![CDATA[

[[Fairbanks 07

AA. Bibliography#Fairbanks 07]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ea1a60df987e6f63-d03ea36d-44d64eb3-bdd8b16e-2835a8bcaa41268df22c2cba"><ac:plain-text-body><![CDATA[

[[Flanagan 2005

AA. Bibliography#Flanagan 05]]

Chapter 24. The java.util.jar Package

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4c3e1919b6bd4178-952ee194-447d4481-a9b78265-79b5ca96c26b704ff0eddc25"><ac:plain-text-body><![CDATA[

[[Gong 2003

AA. Bibliography#Gong 03]]

12.8.3 jarsigner

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0a88c2faa5ce8d0b-83aaeabc-4b8b4764-97e2acb2-44687900addf3c4797a5384c"><ac:plain-text-body><![CDATA[

[[Halloway 2001

AA. Bibliography#Halloway 01]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d25cacffe0c6b955-d5d248ed-4a1c43ed-91c8875d-885ea4cfb6a7e9f04cd629a1"><ac:plain-text-body><![CDATA[

[[JarSpec 2008

AA. Bibliography#JarSpec 08]]

Signature Validation

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="eb0a9beb3398152d-14906321-43d14222-bf99b66f-98a03d8877c0ffc5164c4ce8"><ac:plain-text-body><![CDATA[

[[Oaks 2001

AA. Bibliography#Oaks 01]]

Chapter 12: Digital Signatures, Signed Classes

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="3fe1b864f2a93a87-5ab22713-42e54296-8faa872c-a210ea2f3aa22ddec3e0a09f"><ac:plain-text-body><![CDATA[

[[Muchow 2001

AA. Bibliography#Muchow 01]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1713b8b69ee48cd3-9963ddf2-48c740ae-958fbbc2-d2d3188eaaa47f23b4e4c41e"><ac:plain-text-body><![CDATA[

[[Tutorials 2008

AA. Bibliography#Tutorials 08]]

[The JarRunner Class

http://java.sun.com/docs/books/tutorial/deployment/jar/jarrunner.html], [Lesson: API and Tools Use for Secure Code and File Exchanges

http://java.sun.com/docs/books/tutorial/security/sigcert/index.html] and [Verifying Signed JAR Files

http://java.sun.com/docs/books/tutorial/deployment/jar/verify.html]

]]></ac:plain-text-body></ac:structured-macro>

...