Rules

Risk Assessment Summary

Rule      Severity  Likelihood  Detectable  Repairable  Priority  Level
ENV00-J   High      Probable    No          No          P6        L2
ENV01-J   High      Probable    No          No          P6        L2
ENV02-J   Low       Likely      Yes         No          P6        L2
ENV03-J   High      Likely      No          No          P9        L2
ENV04-J   High      Likely      No          No          P9        L2
ENV05-J   High      Probable    No          No          P6        L2
ENV06-J   High      Probable    No          No          P6        L2


...

Recommendations

ENV00-J. Do not sign code that performs only unprivileged operations

ENV01-J. Do not deploy an application that can be accessed by the JVM Tool Interface

ENV02-J. Do not deploy an application that can be accessed by the Java Platform Debugger Architecture

ENV03-J. Limit remote uses of JVM Monitoring and Managing

Rules

ENV30-J. Create a secure sandbox using a Security Manager

ENV31-J. Never grant AllPermission to untrusted code

ENV32-J. Do not grant ReflectPermission with target suppressAccessChecks

ENV33-J. Do not grant RuntimePermission with target createClassLoader

ENV34-J. Do not disable bytecode verification

ENV35-J. Provide a trusted environment and sanitize all inputs

Risk Assessment Summary

Recommendations

Recommendation  Severity  Likelihood  Remediation Cost  Priority  Level

Rules

Rule  Severity  Likelihood  Remediation Cost  Priority  Level

The CERT Sun Microsystems Secure Coding Standard for Java