SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 79

changes.mady.by.user Michal Rozenau

Saved on

compared with

New Version 83

changes.mady.by.user Winfried Gerlach

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Sound automated detection of this vulnerability is not feasible. Heuristic approaches may be useful.

ToolVersionCheckerDescription
Parasoft Jtest

Include Page
Parasoft_V
Parasoft_V

BD
CERT.
SECURITY
FIO05.BUFEXPDo not expose data wrapped by a buffer to untrusted code
SpotBugs

Include Page
SpotBugs_V
SpotBugs_V

MS_EXPOSE_BUF
EI_EXPOSE_BUF2
EI_EXPOSE_BUF
EI_EXPOSE_STATIC_BUF2

Implemented (since 4.3.0)

Bibliography

[API 2014]

Class CharBuffer

[Hitchens 2002]

Section 2.3 "Duplicating Buffers"

...