SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 108

changes.mady.by.user Derek Leung

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM cost reform

...

Risk Assessment

Rule

Severity

Likelihood

Detectable

RepairableRemediation Cost

Priority

Level

IDS04-J

Low

Probable

No

HighNo

P2

L3

Automated Detection

ToolVersionCheckerDescription
The Checker Framework

Include Page
The Checker Framework_V
The Checker Framework_V

Tainting CheckerTrust and security errors (see Chapter 8)
SonarQube
Include Page
SonarQube_V
SonarQube_V

S5042

Expanding archive files is security-sensitive

Related Guidelines

MITRE CWE

CWE-409, Improper Handling of Highly Compressed Data (Data Amplification)

Secure Coding Guidelines for Java SE, Version 5.0

Guideline 1-1 / DOS-1: Beware of activities that may use disproportionate resources

...

[Mahmoud 2002]

Compressing and Decompressing Data Using Java APIs

[Seacord 2015]
Image result for video icon IDS04-J. Safely extract files from ZipInputStream LiveLesson


...

IDS05-J. Use a safe subset of ASCII for file and path names Image Added