Recommendations

FIO00-A. Validate user input
FIO01-A. Validate deserialized objects
FIO01-A (formerly FIO02-A). Canonicalize path names originating from untrusted sources
FIO02-A (formerly FIO03-A). Use Runtime.exec() correctly

Rules

FIO31-C. Create a copy of mutable inputs
FIO32-C (formerly FIO31-C). Do not serialize sensitive data
FIO33-C (formerly FIO32-C). Do not allow serialization and deserialization to bypass the Security Manager
...