SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 87

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 93

changes.mady.by.user Amy Gale

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Localize CodeSonar crossreferences to Java scope

...

Exceptions thrown during data logging can cause loss of data and can conceal security problems.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

ERR02-J

Medium

Likely

High

P6

L2

Automated Detection

ToolVersionChecker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

JAVA.DEBUG.LOG

Debug Warning (Java)

Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CERT.ERR02.SIOAvoid calling print methods of 'System.err' or 'System.out'
SonarQube
Include Page
SonarQube_V
SonarQube_V
S106Standard outputs should not be used directly to log anything


Related Vulnerabilities

HARMONY-5981 describes a vulnerability in the HARMONY implementation of Java. In this implementation, the FileHandler class can receive log messages, but if one thread closes the associated file, a second thread will throw an exception when it tries to log a message.

Bibliography

[API 2014]

Class Logger

[JLS 2015]

Chapter 11, "Exceptions"

[Ware 2008]

 

...



...