SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 4

changes.mady.by.user Pranjal Jumde

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note
Info
titleGenerated Content

This page is automatically generated from the "Automated Detection" sections in the individual guidelines. Do not modify this page directly.

Version number:
V. 5.0

was automatically generated and should not be edited.

Note

The information on this page was provided by outside contributors and has not been verified by SEI CERT.

Tip

The table below can be re-ordered, by clicking column headers.

...

Include Page
Fortify_V
Fortify_V
CERT Java Secure Coding Standard

Checker

Guideline

Hidden_Field IDS14-J. Do not trust the contents of hidden form fields

Java checkers

HTTP_Response_Splitting IDS00-J. Sanitize untrusted data passed across a trust boundary - java - CERT Secure Coding StandardPrevent SQL injection
Log_Forging IDS03-J. Do not log unsanitized user input
Missing_Check_against_Null EXP01-J. Never dereference null pointers - java - CERT Secure Coding StandardDo not use a null in a case where an object is required
Missing_XML_Validation IDS16-J. Prevent XML Injection
Missing_XML_Validation IDS00 IDS17-J. Sanitize untrusted data passed across a trust boundary - java - CERT Secure Coding StandardPrevent XML External Entity Attacks
Not Implemented VNA00-J. Ensure visibility when accessing shared primitive variables
Null_Dereference EXP01-J. Never dereference null pointers - java - CERT Secure Coding StandardDo not use a null in a case where an object is required
Password_Management __Hardcoded_Password MSC03-J. Never hard code sensitive information - java - CERT Secure Coding Standard
Password_Management__Hardcoded_Password MSC03-J. Never hard code sensitive information - java - CERT Secure Coding Standard
Path_Manipulation FIO16-J. Canonicalize path names before validating them
Process_Control IDS01-J. Normalize strings before validating them
Redundant_Null_Check EXP01-J. Never dereference null pointers - java - CERT Secure Coding StandardDo not use a null in a case where an object is required
SQL_Injection IDS00-J. Sanitize untrusted data passed across a trust boundary - java - CERT Secure Coding StandardPrevent SQL injection
SQL_Injection__Persistence IDS00-J. Sanitize untrusted data passed across a trust boundary - java - CERT Secure Coding StandardPrevent SQL injection