Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

Page History

Versions Compared

Old Version 39

changes.mady.by.user Dhruv Mohindra

Saved on Jan 25, 2009

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on Aug 07, 2025

Key

This line was added.
This line was removed.
Formatting was changed.

Rules

Content by Label

showLabels	false
max	99
spaces	com.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@3bbaf8c
showSpace	false
sort	title
cql	label = "fio" and label = "rule" and label != "void" and space = currentSpace()
labels	+fio, +rule, -void

Recommendations

FIO00-J. Validate deserialized objects

FIO01-J. Canonicalize path names originating from untrusted sources

FIO02-J. Use Runtime.exec() correctly

FIO03-J. Keep track of bytes read and account for character encoding while reading data

FIO04-J. Do not depend on user supplied encoded data

FIO05-J. Document character encoding while performing file or network IO

FIO06-J. Validate user input

FIO07-J. Do not assume infinite heap space

Rules

FIO30-J. Reserved

FIO31-J. Create a copy of mutable inputs

FIO32-J. Do not serialize sensitive data

FIO33-J. Do not allow serialization and deserialization to bypass the Security Manager

FIO34-J. Ensure all resources are properly closed when they are no longer needed

FIO35-J. Exclude user input from format strings

FIO36-J. Never hardcode sensitive information

FIO37-J. Create and delete temporary files safely

Risk Assessment Summary

Recommendations

Recommendation Rule	Severity	Likelihood	Detectable	Remediation Cost Repairable	Priority	Level
FIO00-J	Medium	medium Unlikely	probable No	high No	P4 P2	L3
FIO01-J	Medium	medium Probable	unlikely No	medium No	P4	L3
FIO02-J	Medium	Probable medium	unlikely Yes	medium Yes	P4 P12	L3 L1
FIO03-J	Medium	TODO Probable TODO	No	TODO No	TODO P4 TODO	L3
FIO04-J	Low	TODO Probable TODO	Yes	TODO No	TODO P4 TODO	L3
FIO05-J	Medium	Likely TODO TODO	No	TODO No	TODO P6 TODO	L2
FIO06-J	Low	Unlikely medium	probable No	high No	P4 P1	L3
FIO07-J	Low	medium Probable	probable Yes	high No	P4	L3

...

Rules Severity Likelihood Remediation Cost Priority Level

FIO08-J	High	Probable	Yes	Yes	P18	L1 FIO30
FIO09-J	TODO Low TODO	Unlikely	TODO No	TODO	TODO
FIO31-J	medium	probable	high	P4	L3
FIO32-J	medium	likely	high	P6	L2
FIO33-J	high	probable	high	P6	L2
FIO34-J	low	probable	medium	P4	L3
Yes	P2	L3
FIO10-J	Low	Unlikely	No	No	P1	L3
FIO12-J	Low	Unlikely	No	No	P1	L3
FIO13-J	Medium	Probable	No	No	FIO35-J	medium	unlikely	medium	P4	L3 FIO36
FIO14-J	Medium	high Likely	probable No	medium No	P12 P6	L1 L2 FIO37
FIO16-J	Medium	medium Unlikely	probable No	high No	P4 P2	L3

...

OBJ35-J. Use checked collections against external code The CERT Sun Microsystems Secure Coding Standard for Java FIO00-J. Validate deserialized objects Image Added Image Added Image Added