SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 24

changes.mady.by.user Jill Britton

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM cost reform

...

Failure to sanitize user input before processing or storing it can result in injection attacks.

Rule

Severity

Likelihood

Detectable

RepairableRemediation Cost

Priority

Level

IDS17-J

Medium

Probable

No

NoMedium

P8P4

L2L3

Automated Detection

ToolVersionCheckerDescription
The Checker Framework

Include Page
The Checker Framework_V
The Checker Framework_V

Tainting CheckerTrust and security errors (see Chapter 8)
Fortify1.0

Missing_XML_Validation

Implemented
Klocwork

Include Page
Klocwork_V
Klocwork_V

SV.XXE.DBF
SV.XXE.SF
SV.XXE.SPF
SV.XXE.TF
SV.XXE.XIF
SV.XXE.XRF


SonarQube

Include Page
SonarQube_V
SonarQube_V

S2755

S4435

Untrusted XML should be parsed with a local, static DTD

XML transformers should be secured

...