Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

Page History

Versions Compared

Old Version 33

changes.mady.by.user Justin Pincar

Saved on Nov 19, 2008

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on Aug 07, 2025

Key

This line was added.
This line was removed.
Formatting was changed.

Rules

Content by Label

showLabels	false
max	99
spaces	com.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@3bbaf8c
showSpace	false
sort	title
cql	label = "fio" and label = "rule" and label != "void" and space = currentSpace()
labels	+fio, +rule, -void

Recommendations

FIO00-J. Validate deserialized objects

FIO01-J. Canonicalize path names originating from untrusted sources

FIO02-J. Use Runtime.exec() correctly

FIO04-J. Understand the limitations of the logging framework

FIO05-J. Document character encoding while performing file IO

FIO06-J. Validate user input

FIO07-J. Do not assume infinite heap space when reading in data

Rules

FIO31-J. Create a copy of mutable inputs

FIO32-J. Do not serialize sensitive data

FIO33-J. Do not allow serialization and deserialization to bypass the Security Manager

FIO34-J. Ensure all resources are properly closed when they are no longer needed

FIO35-J. Exclude user input from format strings

FIO36-J. Never hardcode sensitive information

Risk Assessment Summary

Recommendations

Recommendation Rule	Severity	Likelihood	Detectable	Repairable Remediation Cost	Priority	Level
FIO00-J	Medium	Unlikely medium	probable No	high No	P4 P2	L3
FIO01-J	Medium	high Probable	probable No	high No	P6 P4	L2	FIO02-J	L3
FIO02-J	Medium	Probable	Yes	Yes	P12	L1
FIO03-J	Medium	Probable	No	No	P4	L3
FIO04-J	Low	Probable	Yes	No	P4	L3
FIO05-J	Medium	Likely	No	No	high	probable	high	P6	L2
FIO06-J	Low	Unlikely	No	No	P1	L3
FIO07-J	Low	medium Probable	probable Yes	high No	P4	L3

...

Rules Severity Likelihood Remediation Cost Priority Level

FIO08-J	High	Probable	Yes	Yes	P18	L1 FIO31
FIO09-J	Low	medium Unlikely	probable No	high Yes	P4 P2	L3 FIO32
FIO10-J	Low	Unlikely medium	likely No	high No	P6 P1	L2 L3 FIO33
FIO12-J	Low	Unlikely high	probable No	high No	P6 P1	L2 L3 FIO35
FIO13-J	Medium	Probable medium	probable No	high No	P4	L3
FIO14-J	Medium	Likely	No	No	P6	L2
FIO16-J	Medium	Unlikely	No	No	P2	L3

...

Image Added Image Added Image Added OBJ35-J. Use checked collections against external code The CERT Sun Microsystems Secure Coding Standard for Java FIO00-J. Validate deserialized objects