SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 102

changes.mady.by.user Dhruv Mohindra

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Rules

Content by Label
showLabelsfalse
max99
spacescom.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@3bbaf8c
showSpacefalse
sorttitle
cqllabel = "msc" and label = "rule" and label != "void" and space = currentSpace()
labels+msc,-void, +rule

Risk Assessment Summary

Rule

Severity

Likelihood

Detectable

Repairable

Recommendations

MSC00-J. Eliminate class initialization cycles

MSC01-J. Avoid memory leaks

MSC02-J. Avoid cyclic dependencies between packages

MSC03-J. Prefer using URIs to URLs

MSC04-J. Prefer using Iterators over Enumerations

MSC05-J. Carefully design interfaces before releasing them

MSC06-J. Do not mix generic with non-generic raw types in new code

MSC07-J. Library methods should validate their parameters

MSC08-J. Finish every set of statements associated with a case label with a break statement

MSC09-J. Do not assume infinite heap space

MSC10-J. Perform loss less conversion of String to given encoding and back

MSC11-J. Limit the lifetime of sensitive data

Rules

MSC30-J. Generate truly random numbers

MSC31-J. Never hardcode sensitive information

MSC32-J. Prevent OS Command Injection

MSC33-J. Prevent against SQL Injection

MSC34-J. Prevent XML Injection

MSC35-J. Prevent XPath Injection

MSC36-J. Understand how escape characters are interpreted when String literals are compiled

MSC37-J. Make sensitive classes noncloneable

MSC38-J. Do not modify the underlying collection when an iteration is in progress

MSC39-J. Sanitize before processing or storing user input

MSC40-J. Account for supplementary and combining characters in globalized code

MSC41-J. Validate strings after performing normalization

MSC42-J. Do not delete non-character code points

MSC43-J. Prevent XML external entity attacks

Risk Assessment Summary

Recommendations

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MSC00-JMediumLikely low unlikely No medium No

P2 P6

L3 L2

MSC01-JLow low Unlikely unlikely Yes high Yes

P1 P3

L3

MSC02-JHigh low Probable probable No medium No

P4 P6

L3 L2

MSC03-JHighProbable low probable No medium No

P4 P6

L3 L2

MSC04-JLowUnlikely low unlikely No medium No

P2 P1

L3

MSC05-JLow low Probable probable No high No

P2

L3

MSC06-JLowProbable low probable No medium No

P4 P2

L3

MSC07-J medium Low probable Unlikely high Yes P4 No

L3

MSC08- J

medium

unlikely

low

P6

L2

MSC09- J

low

probable

medium

P4

L3

Rules

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MSC30- J

high

probable

medium

P12

L1

MSC31- J

high

probable

medium

P12

L1

MSC32- J

high

probable

medium

P12

L1

MSC33- J

medium

probable

high

P4

L3

MSC34- J

medium

probable

medium

P8

L2

MSC35- J

medium

probable

medium

P8

L2

MSC36- J

low

unlikely

high

P1

L3

MSC37- J

medium

probable

medium

P8

L2

MSC38- J

low

probable

medium

P4

L3

P2

L3


...

Image Added Image Added Image AddedSER37-J. Do not deserialize from a privileged context      The CERT Sun Microsystems Secure Coding Standard for Java      MSC00-J. Eliminate class initialization cycles