Versions Compared

Comment: REM cost reform

...

Exposing buffers created using the wrap(), duplicate(), array(), slice(), or subSequence() methods may allow an untrusted caller to alter the contents of the original data, because each of these returns a view that shares its backing store with the source rather than an independent copy.
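Added illustration of the rule (not the CERT page's own noncompliant/compliant code): one class hands out a wrap() view over its private char[] and is modified by the caller, the other returns a read-only view or a copy. Class and field names and the sample data are hypothetical.

```java
import java.nio.CharBuffer;
import java.nio.ReadOnlyBufferException;

// Added illustration; class and field names are hypothetical.
public final class BufferExposure {
    // Noncompliant pattern: wrap() (like duplicate(), slice(), array())
    // returns a view over the same backing array, so an untrusted caller
    // can rewrite the "private" data in place.
    static final class Exposed {
        private final char[] data = "secret config".toCharArray();

        CharBuffer view() {
            return CharBuffer.wrap(data); // shares backing array with data
        }

        String data() { return new String(data); }
    }

    // Compliant pattern: hand out a read-only view or a private copy.
    static final class Guarded {
        private final char[] data = "secret config".toCharArray();

        CharBuffer readOnlyView() {
            // Read-only buffer: put() throws ReadOnlyBufferException and
            // hasArray() is false, so array() cannot reach the backing store.
            return CharBuffer.wrap(data).asReadOnlyBuffer();
        }

        CharBuffer copy() {
            // Independent copy: the caller's writes never touch this.data.
            return CharBuffer.wrap(data.clone());
        }

        String data() { return new String(data); }
    }

    public static void main(String[] args) {
        Exposed e = new Exposed();
        e.view().put(0, 'X');          // writes through to e.data
        System.out.println("exposed: " + e.data());

        Guarded g = new Guarded();
        g.copy().put(0, 'X');          // only the copy changes
        System.out.println("guarded: " + g.data());
        try {
            g.readOnlyView().put(0, 'X');
        } catch (ReadOnlyBufferException ex) {
            System.out.println("guarded: read-only view rejected the write");
        }
    }
}
```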

Risk Assessment (compared versions; this revision replaces the Remediation Cost column with Detectable and Repairable)

Rule    | Severity | Likelihood | Detectable | Repairable | Priority | Level
FIO05-J | Medium   | Likely     | No         | No         | P6       | L2

Pre-reform columns removed in this revision: Remediation Cost = Low, Priority = P18, Level = L1.

Automated Detection

Sound automated detection of this vulnerability is not feasible. Heuristic approaches may be useful.

Tool           | Version    | Checker                                                                  | Description
Parasoft Jtest | Parasoft_V | CERT.FIO05.BUFEXP                                                        | Do not expose data wrapped by a buffer to untrusted code
SpotBugs       | SpotBugs_V | MS_EXPOSE_BUF, EI_EXPOSE_BUF2, EI_EXPOSE_BUF, EI_EXPOSE_STATIC_BUF2      | Implemented (since 4.3.0)

The Parasoft checker cell of the compared version survives in the export only as the fragments "BD" and "SECURITY".

Bibliography

[API 2014] Class CharBuffer
[Hitchens 2002] Section 2.3, "Duplicating Buffers"

...