Recommendations
FIO00-A. Validate deserialized objects
FIO01-A. Canonicalize path names originating from untrusted sources
FIO02-A. Use Runtime.exec() correctly
Rules
FIO31-C. Create a copy of mutable inputs
FIO32-C. Do not serialize sensitive data
FIO33-C. Do not allow serialization and deserialization to bypass the Security Manager
FIO34-C. Ensure all resources are properly closed when they are no longer needed
Risk Assessment Summary
Recommendations
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO00-A | 1 (low) | 1 (unlikely) | 2 (medium) | P2 | L3 |
Rules
| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| -J | Medium | Unlikely | No | No | P2 | L3 |
| FIO01-J | Medium | Probable | No | No | P4 | L3 |
| FIO02-J | Medium | Probable | Yes | Yes | P12 | L1 |
| FIO03-J | Medium | Probable | No | No | P4 | L3 |
| FIO04-J | Low | Probable | Yes | No | P4 | L3 |
| FIO05-J | Medium | Likely | No | No | P6 | L2 |
| FIO06-J | Low | Unlikely | No | No | P1 | L3 |
| FIO07-J | Low | Probable | Yes | No | P4 | L3 |
| FIO08-J | High | Probable | Yes | Yes | P18 | L1 |
| FIO09-J | Low | Unlikely | No | Yes | P2 | L3 |
| FIO10-J | Low | Unlikely | No | No | P1 | L3 |
| FIO12-J | Low | Unlikely | No | No | P1 | L3 |
| FIO13-J | Medium | Probable | No | No | P4 | L3 |
| FIO14-J | Medium | Likely | No | No | P6 | L2 |
| FIO16-J | Medium | Unlikely | No | No | P2 | L3 |
...
...
| Rules | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO30-C | 1 (low) | 1 (unlikely) | 2 (medium) | P2 | ... |