SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 48

changes.mady.by.user Dhruv Mohindra

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Rules

Content by Label
showLabelsfalse
max99
spacescom.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@3bbaf8c
showSpacefalse
sorttitle
cqllabel = "fio" and label = "rule" and label != "void" and space = currentSpace()
labels+fio, +rule, -void

Recommendations

FIO00-J. Reserved (moved to SER)

FIO01-J. Canonicalize path names originating from untrusted sources

FIO02-J. Use Runtime.exec() correctly

FIO03-J. Keep track of bytes read and account for character encoding while reading data

FIO04-J. Reserved

FIO05-J. Document character encoding while performing file or network IO

FIO06-J. Validate user input

FIO07-J. Do not assume infinite heap space

Rules

FIO30-J. Do not log sensitive information

FIO31-J. Create a copy of mutable inputs

FIO32-J. Reserved (moved to SER)

FIO33-J. Reserved (moved to SER)

FIO34-J. Ensure all resources are properly closed when they are no longer needed

FIO35-J. Exclude user input from format strings

FIO36-J. Reserved (moved to MSC31-J)

FIO37-J. Create and delete temporary files safely

Risk Assessment Summary

Recommendations

Recommendation Rule

Severity

Likelihood

Detectable

Repairable Remediation Cost

Priority

Level

FIO00-JMedium TODO Unlikely TODO No TODO No

TODO P2 TODO

L3

FIO01-JMedium medium Probable unlikely No medium No

P4

L3

FIO02-JMedium medium Probable unlikely Yes medium Yes

P4 P12

L3 L1

FIO03-JMedium low Probable unlikely No medium No

P2 P4

L3

FIO04-JLowProbable TODO TODO Yes TODO No

TODO P4 TODO

L3

FIO05-JMediumLikely TODO TODO No TODO No

TODO P6 TODO

L2

FIO06-JLowUnlikely medium probable No high No

P4 P1

L3

FIO07-JLowProbable medium probable Yes high No

P4

L3

...

Rules Severity Likelihood Remediation Cost Priority Level
FIO08-JHighProbableYesYes

P18

L1 FIO30

FIO09-JLow TODO Unlikely TODO No TODO Yes

TODO P2 TODO

L3 FIO31

FIO10-J TODO Low TODO Unlikely TODO No TODO No

TODO P1

FIO32-J

TODO

TODO

TODO

TODO

TODO

L3

FIO12 FIO33-J TODO Low TODO Unlikely TODO No TODO No

TODO

FIO34-J

low

probable

medium

P4

P1

L3 FIO35

FIO13-JMedium medium Probable unlikely No medium No

P4

L3 FIO36

FIO14-JMedium high Likely probable No medium No

P12 P6

L1 L2 FIO37

FIO16-JMedium medium Unlikely probable No high No

P4 P2

L3


...

OBJ35-J. Use checked collections against external code      The CERT Sun Microsystems Secure Coding Standard for Java      SER31-J. Validate deserialized objectsImage Added Image Added Image Added