Guidelines
IDS00-J. Always validate user input
IDS01-J. Sanitize before processing or storing user input
IDS02-J. Validate strings after performing normalization
IDS03-J. Do not delete non-character code points
IDS04-J. Properly encode or escape output
IDS05-J. Library methods should validate their parameters
IDS06-J. Prevent OS Command Injection
IDS07-J. Prevent SQL Injection
IDS08-J. Prevent XML Injection
IDS09-J. Prevent XPath Injection
IDS10-J. Prevent XML external entity attacks
IDS11-J. Prevent LDAP injection
IDS12-J. Prevent code injection
IDS13-J. Account for supplementary and combining characters in globalized code
IDS14-J. Perform lossless conversion of String to a given encoding and back
IDS15-J. Prefer using URIs to URLs
IDS16-J. Do not use locale-dependent methods on locale-insensitive data
IDS17-J. Understand how escape characters are interpreted when String literals are compiled
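The guidelines above are easiest to see working together. The following is an added example, not code from the CERT standard or from any of the rule pages it links to: it normalizes input before validating it (IDS02-J), enforces an allow-list (IDS00-J), and binds the result as a query parameter (IDS07-J). The table name `users`, the columns `name` and `email`, and the username character set are assumptions made for the example.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.text.Normalizer;
import java.util.regex.Pattern;

/**
 * Added example (not part of the CERT page). Demonstrates IDS02-J
 * (normalize, then validate), IDS00-J (allow-list validation) and
 * IDS07-J (parameterized SQL). Table and column names are assumptions.
 */
public final class UsernameLookup {

    // Allow-list: ASCII letters, digits and underscore, 3 to 32 characters.
    private static final Pattern USERNAME = Pattern.compile("^[A-Za-z0-9_]{3,32}$");

    private UsernameLookup() {}

    /**
     * Normalizes to NFKC before checking anything, so the validator sees the
     * same characters the rest of the program will later operate on. A check
     * run before normalization can be bypassed by compatibility characters
     * (for example fullwidth letters or angle brackets) that NFKC later maps
     * to their ASCII equivalents. Rejects anything outside the allow-list.
     */
    public static String validateUsername(String input) {
        if (input == null) {
            throw new IllegalArgumentException("username is null");
        }
        String normalized = Normalizer.normalize(input, Normalizer.Form.NFKC);
        if (!USERNAME.matcher(normalized).matches()) {
            throw new IllegalArgumentException("username contains characters outside the allow-list");
        }
        return normalized;
    }

    /**
     * Looks up a user's e-mail with a bound parameter (IDS07-J). The value is
     * never concatenated into the SQL text, so quotes or comment sequences in
     * it cannot change the structure of the statement. Assumes a table
     * users(name, email).
     */
    public static String findEmail(Connection conn, String rawUsername) throws SQLException {
        String username = validateUsername(rawUsername);
        String sql = "SELECT email FROM users WHERE name = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("email") : null;
            }
        }
    }

    // Exercises the validation step alone; no database is needed.
    // Constructed sample inputs: a plain name, a fullwidth name (NFKC maps
    // it to "bob"), a classic SQL injection string and a script tag.
    public static void main(String[] args) {
        String[] samples = {"alice_01", "\uFF42\uFF4F\uFF42", "x' OR '1'='1", "<script>"};
        for (String s : samples) {
            try {
                System.out.println(s + " -> accepted as " + validateUsername(s));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Running `main` shows the fullwidth sample accepted as `bob` only because normalization ran first; the injection string and the tag are rejected by the allow-list before they reach the query, and the prepared statement would neutralize them even if they did.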
Risk Assessment Summary

Priority is the product of three scores: severity (high = 3, medium = 2, low = 1), likelihood (likely = 3, probable = 2, unlikely = 1) and remediation cost (low = 3, medium = 2, high = 1). Level L1 covers P12 and above, L2 covers P6 to P9, and L3 covers P4 and below. No assessment is recorded on this page for IDS05-J, IDS09-J or IDS13-J.

| Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| IDS00-J | high | probable | medium | P12 | L1 |
| IDS01-J | high | probable | medium | P12 | L1 |
| IDS02-J | high | probable | medium | P12 | L1 |
| IDS03-J | high | probable | medium | P12 | L1 |
| IDS04-J | high | probable | medium | P12 | L1 |
| IDS06-J | medium | probable | high | P4 | L3 |
| IDS07-J | high | probable | medium | P12 | L1 |
| IDS08-J | medium | probable | high | P4 | L3 |
| IDS10-J | medium | probable | medium | P8 | L2 |
| IDS11-J | medium | probable | medium | P8 | L2 |
| IDS12-J | high | likely | medium | P18 | L1 |
| IDS14-J | low | probable | medium | P4 | L3 |
| IDS15-J | low | probable | medium | P4 | L3 |
| IDS16-J | medium | probable | medium | P8 | L2 |
| IDS17-J | low | unlikely | high | P1 | L3 |
Part of The CERT Sun Microsystems Secure Coding Standard for Java.