Versions Compared

Comment: REM cost reform

...

Whether a violation of this rule is exploitable depends on what classes are on the JVM's classpath.  (Note that this is a property of the execution environment, not of the code being audited.) In the worst case, it could lead to remote execution of arbitrary code.
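The following Java program is an added illustration, not code from the SEI CERT page, of why the exploitability of a SER12-J violation depends on the classpath: an unfiltered `ObjectInputStream` instantiates whatever serializable class the byte stream names, while a deserialization filter (`java.io.ObjectInputFilter`, available since Java 9) lets the consumer state which classes it expects and rejects everything else. The classes `Greeting` and `UnexpectedPayload`, the filter pattern and the limits are constructed for this example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

// Constructed sample type: the only class this consumer expects to receive.
final class Greeting implements Serializable {
    private static final long serialVersionUID = 1L;
    final String text;
    Greeting(String text) { this.text = text; }
}

// Constructed stand-in for "some other serializable class that happens to be on the classpath".
// It is harmless here; the point is that the consumer never asked for it.
final class UnexpectedPayload implements Serializable {
    private static final long serialVersionUID = 1L;
}

public class FilteredDeserialization {

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Non-compliant with SER12-J: whatever class the stream names is resolved and instantiated,
    // so what an attacker-controlled stream can do is bounded only by the classpath.
    static Object readUnfiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    // Compliant: an allow-list filter. First matching pattern wins, so "!*" at the end rejects
    // every class not listed before it. The limits bound nesting depth, back-references and
    // stream size so a malformed stream cannot exhaust resources before the class check runs.
    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
            "Greeting;java.lang.String;!*;maxdepth=5;maxrefs=100;maxbytes=65536");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            // Must be installed before the first readObject() call.
            in.setObjectInputFilter(filter);
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new Greeting("hello"));
        byte[] unexpected = serialize(new UnexpectedPayload());

        // The expected type passes the filter.
        System.out.println("filtered, expected type: " + ((Greeting) readFiltered(expected)).text);

        // Without a filter, an arbitrary classpath class is instantiated from untrusted bytes.
        System.out.println("unfiltered, unexpected type: " + readUnfiltered(unexpected).getClass().getName());

        // With the filter, the same stream is rejected before the object is constructed.
        try {
            readFiltered(unexpected);
            System.out.println("filtered, unexpected type: accepted (should not happen)");
        } catch (InvalidClassException e) {
            System.out.println("filtered, unexpected type: rejected (" + e.getMessage() + ")");
        }
    }
}
```

Running `java FilteredDeserialization.java` (Java 11+ single-file launch) prints the expected greeting, then the name of the unexpected class for the unfiltered read, then a rejection for the filtered read. In a deployed service the same allow-list can be applied process-wide with the `jdk.serialFilter` system property instead of per stream, and the filter rejections are worth logging because a REJECTED status on a production endpoint is a strong signal that someone is feeding it unexpected object streams.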

| Rule | Severity | Likelihood | Detectable | Repairable | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|---|---|
| SER12-J | High | Likely | No | No | High | P9 | L2 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| CodeSonar | | JAVA.CLASS.SER.ND | Serialization not disabled (Java) |
| Parasoft Jtest | | CERT.SER12.VOBD | Validate objects before deserialization |
| PVS-Studio | | V5333 | |
| ysoserial | | | Useful for developing exploits that detect violation of this rule |

...