Rules
Recommendations
FIO00-J. Canonicalize path names originating from untrusted sources
FIO01-J. Use Runtime.exec() correctly
FIO02-J. Keep track of bytes read and account for character encoding while reading data
FIO03-J. Specify the character encoding while performing file or network IO
Rules
FIO30-J. Do not log sensitive information
FIO31-J. Defensively copy mutable inputs and mutable internal components
FIO32-J. Ensure all resources are properly closed when they are no longer needed
FIO33-J. Exclude user input from format strings
FIO34-J. Create and delete temporary files safely
FIO36-J. Do not create multiple buffered wrappers on an InputStream
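The first recommendation above, FIO00-J, is the one most often violated in file-serving code: a path built from untrusted input is checked with a textual prefix comparison before being opened, and `..` segments or symbolic links walk the open out of the intended directory. The following Java program is an added example (not text or code from the standard) that puts the broken check beside the canonicalizing one. The data root is a temporary directory created for the run, the file names and the `openInsecure`/`openSecure` helpers are assumptions for the demonstration, and it needs Java 7 or later.

```java
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

public class CanonicalPathCheck {

    // Lexical prefix check only: "../" segments and symbolic links are never resolved,
    // and a sibling such as "/srv/data2" would also pass as "inside" "/srv/data".
    static File openInsecure(File base, String untrusted) {
        File f = new File(base, untrusted);
        if (!f.getPath().startsWith(base.getPath())) {
            throw new SecurityException("outside base: " + untrusted);
        }
        return f;
    }

    // FIO00-J: canonicalize first, then check containment component by component.
    // getCanonicalFile() resolves ".", ".." and symbolic links for every part of the
    // path that exists, so the decision is made on the file that would really be opened.
    // Path.startsWith compares whole components, so "/srv/data2" is not under "/srv/data".
    static File openSecure(File base, String untrusted) throws IOException {
        Path canonicalBase = base.getCanonicalFile().toPath();
        Path canonical = new File(base, untrusted).getCanonicalFile().toPath();
        if (!canonical.startsWith(canonicalBase)) {
            throw new SecurityException("outside base: " + untrusted);
        }
        return canonical.toFile();
    }

    // Helper (assumed for the demo) that reports the outcome of either check as a word.
    static String verdict(File base, String untrusted, boolean secure) {
        try {
            if (secure) {
                openSecure(base, untrusted);
            } else {
                openInsecure(base, untrusted);
            }
            return "accepted";
        } catch (SecurityException e) {
            return "rejected";
        } catch (IOException e) {
            return "error: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sandbox: a temporary directory stands in for the application's data
        // root, with one legitimate file inside it and a symbolic link pointing outside it.
        Path base = Files.createTempDirectory("fio00-base");
        Path outside = Files.createTempDirectory("fio00-outside");
        Files.write(base.resolve("report.txt"), "ok".getBytes(StandardCharsets.UTF_8));
        Files.write(outside.resolve("secret.txt"), "not for you".getBytes(StandardCharsets.UTF_8));
        try {
            Files.createSymbolicLink(base.resolve("escape"), outside);
        } catch (UnsupportedOperationException | IOException e) {
            // Without symlink support the third input stays inside the base and is accepted.
            System.out.println("symbolic link not created: " + e);
        }

        String[] untrustedInputs = {
            "report.txt",                    // legitimate request
            "../" + outside.getFileName(),   // dot-dot traversal to the sibling directory
            "escape/secret.txt",             // traversal through the symbolic link
        };
        for (String in : untrustedInputs) {
            System.out.printf("%-36s lexical: %-9s canonical: %s%n",
                    in, verdict(base.toFile(), in, false), verdict(base.toFile(), in, true));
        }
    }
}
```

Run it and the lexical check accepts all three inputs while the canonical check accepts only `report.txt`. One caveat remains even with the canonical check: it is a check-then-open sequence, so an attacker who can replace a path component with a symbolic link between the canonicalization and the open can still redirect it. Where that is a realistic threat, open the file with `Files.newByteChannel` or `Files.newInputStream` and `LinkOption.NOFOLLOW_LINKS` on the final component and restrict write access to the directory tree, rather than relying on the string check alone.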
Risk Assessment Summary
Recommendations
| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| FIO00-J | Medium | Unlikely | No | No | P2 | L3 |
| FIO01-J | Medium | Probable | No | No | P4 | L3 |
| FIO02-J | Medium | Probable | Yes | Yes | P12 | L1 |
| FIO03-J | Medium | Probable | No | No | P4 | L3 |
| FIO04-J | Low | Probable | Yes | No | P4 | L3 |
| FIO05-J | Medium | Likely | No | No | P6 | L2 |
| FIO06-J | Low | Unlikely | No | No | P1 | L3 |
| FIO07-J | Low | Probable | Yes | No | P4 | L3 |
Rules
| Rule | Severity | Likelihood | Detectable | Repairable | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|---|---|
| FIO30-J | High | Probable | Yes | Yes | | P18 | L1 |
| FIO31-J | Low | Unlikely | No | Yes | | P2 | L3 |
| FIO32-J | TODO | TODO | | | TODO | P??? | L??? |
| FIO33-J | TODO | TODO | | | TODO | P??? | L??? |
| FIO34-J | Low | Probable | | | Medium | P4 | L3 |
| FIO35-J | Medium | Unlikely | | | Medium | P4 | L3 |
| FIO36-J | High | Probable | | | Medium | P12 | L1 |
| FIO37-J | Medium | Probable | | | High | P4 | L3 |
| FIO38-J | Medium | Probable | | | High | P4 | L3 |
| FIO39-J | Low | Unlikely | | | Medium | P2 | L3 |
| FIO10-J | Low | Unlikely | No | No | | P1 | L3 |
| FIO12-J | Low | Unlikely | No | No | | P1 | L3 |
| FIO13-J | Medium | Probable | No | No | | P4 | L3 |
| FIO14-J | Medium | Likely | No | No | | P6 | L2 |
| FIO16-J | Medium | Unlikely | No | No | | P2 | L3 |
Previous: OBJ38-J. Immutable classes must prohibit extension | Home: The CERT Sun Microsystems Secure Coding Standard for Java | Next: FIO00-J. Canonicalize path names originating from untrusted sources