SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 39

changes.mady.by.user Valery

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Deprecation!
Note
titleDeprecated

This guideline has been deprecated.

Both environment variables and system properties provide user-defined mappings between keys and their corresponding values and can be used to communicate those values from the environment to a process. According to the Java API [API 2014] java.lang.System class documentation:

...

Untrusted environment variables can provide data for injection and other attacks if not properly sanitized.

Rule

Severity

Likelihood

Detectable

Remediation CostRepairable

Priority

Level

ENV02-J

Low

Likely

Yes

LowNo

P9P6

L2

Automated Detection

ToolVersionCheckerDescription
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CERT.ENV02.ENVDo not use the non-portable 'System.getenv()' method
PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V6110

...