SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 162

changes.mady.by.user Alexandre GIGLEUX

Saved on

compared with

New Version 169

changes.mady.by.user Amy Gale

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Localize CodeSonar crossreferences to Java scope

...

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

IDS07-J

High

Probable

Medium

P12

L1

Automated Detection

PORT Java Plugin Java Plugin Java Plugin
ToolVersionCheckerDescription
The Checker Framework

Include Page
The Checker Framework_V
The Checker Framework_V

Tainting CheckerTrust and security errors (see Chapter 8)
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

JAVA.IO.INJ.COMMAND

Command Injection (Java)

Coverity7.5OS_CMD_INJECTIONImplemented
Klocwork

Include Page
Klocwork_V
Klocwork_V

SV.EXEC
SV.EXEC.DIR
SV.EXEC.ENV
SV.EXEC.LOCAL
SV.EXEC.PATH		 
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CERT.IDS07.EXECDo not use 'Runtime.exec()'
SonarQube
Include Page
SonarQube
_V
SonarQube
_V

S2076

OS commands should not be vulnerable to injection attacks

Related Vulnerabilities

CVE-2010-0886

Sun Java Web Start Plugin Command Line Argument Injection

CVE-2010-1826

Command injection in updateSharingD's handling of Mach RPC messages

T-472

Mac OS X Java Command Injection Flaw in updateSharingD lets local users gain elevated privileges

...