Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by sciSpider Java v3.0 (sch jp)
Wiki Markup
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
    <title>00. Security (SEC) - CERT Secure Coding Standards</title>
                
    <script language="javascript">
        var contextPath = '/confluence';
        var i18n = [];
    </script>

                            <link rel="stylesheet" href="/confluence/s/1116/1/1/_/styles/main-action.css?spaceKey=java" type="text/css" />
                    
            <script type="text/javascript" src="/confluence/s/1116/1/_/decorators/effects.js"></script>
    
            

    <script type="text/javascript">

    function toggleMenu(menuId)
    {         var visible = toggleVisibility(menuId);         if (visible)             setCookie("confluence.leftnav." + menuId, true);         else             setCookie("confluence.leftnav.", false);     }

    function isMenuExpanded(menuId)
    {         return getCookie("confluence.leftnav." + menuId);     }

    function initMenuItem(menuId)
    {
        if (document.getElementById(menuId))
        {
            if (isMenuExpanded(menuId) == 'true')
            {                 document.getElementById(menuId).style.display = "block";             }
            else
            {                 document.getElementById(menuId).style.display = "none";             }
        }
    }
</script>

</head>

            <body onload="placeFocus()">
    <!--BEGIN HEADER -->

<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#ffffff"><tr>
<td valign="middle"><img src="https://www.cert.org/images/1pxinv.gif" width="5" height="94"></td><td valign="middle"><a href="https://www.cert.org/"><img 
src="https://www.cert.org/cert/images/cert_logo.gif" alt="CERT" border="0"></a></td><td valign="bottom" align="right" width="100%">

<!--NAVIGATION TABLE-->
<table border="0" cellspacing="0" cellpadding="0" width="600"><a href="https://www.cert.org/work/software_assurance.html"><img src="https://www.cert.org/cert/images/1off.jpg" 
width="132" height="21" 
alt="Software Assurance" border="0"></a><img src="https://www.cert.org/images/1pxinv.gif" width="1" height="21"><a href="https://www.cert.org/work/secure_systems.html"><img 
src="https://www.cert.org/cert/images/2off.jpg" width="109" height="21" alt="Secure Systems" border="0"></a><img src="https://www.cert.org/images/1pxinv.gif" width="1" height="21"><a 
href="https://www.cert.org/work/organizational_security.html"><img 
src="https://www.cert.org/cert/images/3off.jpg" width="140" height="21" alt="Organizational Security" border="0"></a><img src="https://www.cert.org/images/1pxinv.gif" width="1" height="21"><a 
href="https://www.cert.org/work/coordinating_response.html"><img 
src="https://www.cert.org/cert/images/4off.jpg" width="140" height="21" alt="Coordinating Response" border="0"></a><img 
src="https://www.cert.org/images/1pxinv.gif" width="1" height="21"><a href="https://www.cert.org/work/training.html"><img src="https://www.cert.org/cert/images/5off.jpg" width="75" 
height="21" alt="Training" border="0"></a></td></tr></table>

<!--END NAVIGATION TABLE -->

</td></tr></table>

<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#666666"><tr><td><img src="https://www.cert.org/images/1pxinv.gif" width="1" height="3"></td></tr></table>

<!--END HEADER -->


    <script type="text/javascript">
        function hideMessage(messageId)
        {             var message = document.getElementById(messageId)             message.style.display = "none";             setCookie(messageId, true);         }
    </script>

        

<div id="PageContent">
    <table cellspacing="0" cellpadding="0" width="100%">
        <tr class="topBar">
            <td align="left">
                &nbsp;
                <span class="topBarDiv fontSizeSmaller">             
    <script language="JavaScript">
        function showBreadcrumbsEllipsis()
        {             document.getElementById('breadcrumbsEllipsis').style.display = 'none';             document.getElementById('breadcrumbsExpansion').style.display = 'inline';         }
    </script>
                                                    <a href="/confluence/dashboard.action">Dashboard</a>
                                     >                         <a href="/confluence/display/java">java</a>
                                     >                         <a href="/confluence/display/java/CERT+Java+Secure+Coding+Standard">CERT Java Secure Coding Standard</a>
                                     >                         <a href="/confluence/display/java/00.+Security+%28SEC%29">00. Security (SEC)</a>
                                     >                         Edit Page                
     </span>
            </td>

            <td align="right" valign="middle" style="white-space:nowrap">
                    <form id="quickSearch" method="POST" action="/confluence/dosearchsite.action" name="searchForm">
        <input type="hidden" name="quickSearch" value="true" />
        
        <input type="hidden" name="searchQuery.spaceKey" value="conf_global" />
        <input type="text" accessKey="s" name="searchQuery.queryString" size="25"/>
        <input type="submit" value="Search"/>
    </form>
            </td>
        </tr>
    </table>
    <table cellspacing="0" cellpadding="0" width="100%">
        <tr>
                    <td width="150px" valign="top" class="sidebar" nowrap>
                <div class="leftnav">
                     <div id="logodiv">
                        					        <a href="/confluence/display/java"><img src="/confluence/images/confluence_logo.gif" align="absmiddle" border="0"></a>					                          </div>
                      <div id="menu">
                        <table class="sectionMacro" border="0" cellpadding="5" cellspacing="0" width="100%"><tbody><tr>
<td class="confluenceTd"  valign="top" width="105%">
<div class='panelMacro'><table class='infoMacro'><tr><td>

<p><b>Standards</b><br/>
<a href="/confluence/display/seccode/CERT+Secure+Coding+Standards" title="CERT Secure Coding Standards">Overview</a><br/>
<a href="/confluence/display/seccode/CERT+C+Secure+Coding+Standard" title="CERT C Secure Coding Standard">C Language</a><br/>
<a href="/confluence/pages/viewpage.action?pageId=637" title="CERT C++ Secure Coding Standard">C+&#43;</a></p>

<p><b>CERT Websites</b><br/>
<a href="http://www.cert.org/" rel="nofollow">CERT</a><br/>
<a href="http://www.cert.org/secure-coding" rel="nofollow">Secure Coding</a><br/>
<a href="http://www.cert.org/tech_tips/" rel="nofollow">Tech Tips</a></p>

<p><b>CERT Employment</b> <br/>
<a href="http://www.cert.org/jobs/" rel="nofollow"><b>Opportunities</b></a></p>

<p><a href="http://www.cert.org/books/secure-coding/" rel="nofollow"><img src="https://www.cert.org/images/securec.jpg" align="absmiddle" border="0" width="100" /></a></p>

<p><b>Related Sites</b><br/>
<a href="http://www.us-cert.gov/" rel="nofollow"><img src="https://www.cert.org/images/logo/uscert_4g_sm.jpg" align="absmiddle" border="0" /></a><br/>
<a href="http://www.cylab.cmu.edu/" title="http://www.cylab.cmu.edu/" rel="nofollow"><img src="https://www.cert.org/images/logo/cylab_alt.jpg" align="absmiddle" border="0" /></a></p></td></tr></table></div></td></tr></tbody></table>
                        
<h5><a href="#" onCLick="toggleMenu('pagenav'); return false;"><img src="/confluence/images/icons/docs_16.gif" width=16 height=16 border=0 align=absmiddle > Page Operations</a></h5>
<div id="pagenav" class="subnav" style="display:none;">
   <ul>
	   		   <li><a  id="viewPageLink"  href="/confluence/display/java/00.+Security+%28SEC%29"   onClick="javascript:saveDraftOnPageChange(this); return false;"   accessKey="v"><u>V</u>iew</a></li>
	   		   <li><a  id="editPageLink"  href="/confluence/pages/editpage.action?pageId=4254"  class="current"   onClick="javascript:saveDraftOnPageChange(this); return false;"   accessKey="e"><u>E</u>dit</a></li>
	   		   <li><a  id="viewAttachmentsLink"  href="/confluence/pages/viewpageattachments.action?pageId=4254"   onClick="javascript:saveDraftOnPageChange(this); return false;"   accessKey="a"><u>A</u>ttachments (0)</a></li>
	   		   <li><a  id="viewPageInfoLink"  href="/confluence/pages/viewinfo.action?pageId=4254"   onClick="javascript:saveDraftOnPageChange(this); return false;"   accessKey="i"><u>I</u>nfo</a></li>
	      </ul>
</div>

                        
                        
<h5><a href="#" onCLick="toggleMenu('browsenav'); return false;"><img src="/confluence/images/icons/browse_space.gif" height="16" width="16" border="0" align="absmiddle" title="Find Content"> Browse Space</a></h5>
<div id="browsenav"class="subnav" style="display:none;">
	<ul>
					<li><a href="/confluence/pages/listpages.action?key=java" >Pages</a></li>
					<li><a href="/confluence/labels/listlabels-heatmap.action?key=java" >Labels</a></li>
					<li><a href="/confluence/spaces/listattachmentsforspace.action?key=java" >Attachments</a></li>
					<li><a href="/confluence/spaces/viewmailarchive.action?key=java" >Mail</a></li>
					<li><a href="/confluence/pages/viewrecentblogposts.action?key=java" >News</a></li>
					<li><a href="/confluence/spaces/usage/report.action?key=java" >Activity</a></li>
					<li><a href="/confluence/spaces/viewspacesummary.action?key=java" >Advanced</a></li>
			</ul>
</div>

<h5><a href="#" onCLick="toggleMenu('addcontent'); return false;"><img src="/confluence/images/icons/add_16.gif" height="16" width="16" border="0" align="absmiddle" title="Find Content"> Add Content</a></h5>
<div id="addcontent" class="subnav" style="display:none;">
    <ul>
										
									<li><a href="/confluence/pages/createpage.action?spaceKey=java&fromPageId=4254"><img src="/confluence/images/icons/add_page_16.gif" height="16" width="16" border="0" align="absmiddle" title="Add Page">&nbsp;Add Page</a></li>
						    			</ul>
</div>

                      </div>
                    <script type="text/javascript">
                        initMenuItem("browsenav");
                        initMenuItem("pagenav");
                        initMenuItem("addcontent");
                    </script>
                </div>
            </td>
                    <td valign="top" width="100%">
                <!-- Inner content table -->
                <table width="100%" cellpadding="2" cellspacing="0">
                    <tr>
                        <td colspan="2" valign="middle" align="right" style="background-color:#F0F0F0">
                            <div style="margin-right: 3px;">
                                                                                                                                    
    <span class="smalltext" id="userNavBar">
                    Welcome <a href="/confluence/display/~jpincar">Justin Pincar</a> |

                            <a href="/confluence/users/viewuserhistory.action" onClick="window.open(this.href,'user_history', 'width=620, height=150, resizable'); return false;" title="View History">History</a> |
            
            <a href="/confluence/users/viewuserprofile.action?username=jpincar">Preferences</a> |

            
            <a href="/confluence/logout.action" id="logout">Log Out</a>&nbsp;
            </span>
                                            <a href="/confluence/pages/editpage.action?pageId=4254&decorator=printable" rel="nofollow"><img src="/confluence/images/icons/print_16.gif" width="16" height="16" hspace="1" vspace="1" align="absmiddle" border="0" alt="View a printable version of the current page." title="View a printable version of the current page."/></a>

                                                                        
            <a href="/confluence/pages/doexportpage.action?pageId=4254&type=TYPE_PDF" rel="nofollow">
        <img src="/confluence/images/icons/attachments/pdf.gif" height="16" width="16" border="0" align="absmiddle" title="Export Page as PDF"></a>
                                                                        
                                                            </div>
                        </td>
                    </tr>
                    <tr>
                        <td id="mainViewPane">
                            <div>
                                <table class="fullWidthBorderless">
                                    <td><span id="spaceFullNameLink">            <a href="/confluence/display/java">java</a>    </span></td>
                                    <td align="right">
    <a  id="pageFavourite"  href="/confluence/labels/addfavourite.action?entityId=4254"><img src="/confluence/images/icons/star_grey.gif" height="16" width="16" border="0" align="absmiddle" title="Add this page to your favourites list" alt="Add this page to your favourites list"></a>
    <a  id="pageWatch"  href="/confluence/pages/addpagenotification.action?pageId=4254"><img src="/confluence/images/icons/watch_16.gif" height="16" width="16" border="0" align="absmiddle" title="Watch this page" alt="Watch this page"></a>
</td>
                                </table>
                                <div class="pagetitle" style="padding: 0px; margin-bottom:5px; margin-top: 2px;">
                                                                            00. Security (SEC)
                                    </div>
                            </div>
                                                        <div id="content">
                                <!-- call the page decorator -->
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              <!--
    Root decorator: all decisions about how a page is to be decorated via the
                    inline decoration begins here.
-->



<!--
    Switch based upon the context. However, for now, just delegate to a decorator
    identified directly by the context.
-->


    
    <!--[if gte IE 5.5000]>
<script language="JavaScript">
function correctPNG() // correctly handle PNG transparency in Win IE 5.5 or higher.
   {
   for(var i=0; i<document.images.length; i++)
      {
	  var img = document.images[i]
	  var imgName = img.src.toUpperCase()
	  if (imgName.substring(imgName.length-3, imgName.length) == "PNG")
	     {
		 var imgID = (img.id) ? "id='" + img.id + "' " : ""
		 var imgClass = (img.className) ? "class='" + img.className + "' " : ""
		 var imgTitle = (img.title) ? "title='" + img.title + "' " : "title='" + img.alt + "' "
		 var imgStyle = "display:inline-block;" + img.style.cssText
		 if (img.align == "left") imgStyle = "float:left;" + imgStyle
		 if (img.align == "right") imgStyle = "float:right;" + imgStyle
		 if (img.parentElement.href) imgStyle = "cursor:hand;" + imgStyle
		 var strNewHTML = "<span " + imgID + imgClass + imgTitle
		 + " style=\"" + "width:" + img.width + "px; height:" + img.height + "px;" + imgStyle + ";"
	     + "filter:progid:DXImageTransform.Microsoft.AlphaImageLoader"
		 + "(src=\'" + img.src + "\', sizingMethod='scale');\"></span>"
		 img.outerHTML = strNewHTML
		 i = i-1
	     }
      }
   }
window.attachEvent("onload", correctPNG);
</script>
<![endif]-->























<style>
    .imageLink{         margin:2px;         vertical-align: bottom;         float:left;     }

        /*Overwritten styles in the main.css*/
        .greybox {             border: 0px;             border-top: 1px solid #ddd;             border-bottom: 1px solid #ddd;             background-color: #F0F0F0;
	        padding: 3px;
	        margin: 0;         }
</style>











    <div id="editpage">
    <!-- is the user logged in? -->
        
                
    
            <script type="text/javascript" src="/confluence/s/1116/1/_/editpage-javascript"></script>
    
<script type="text/javascript" language="JavaScript">
    var domainName = 'https://www.securecoding.cert.org/confluence';
    var entityId = '4254';
    var spaceKey = 'java';

    function toggleHierarchy()
    {
        // prepare to toggle the hierarchy checkbox
        var selectbox = document.getElementById('newSpaceKey');
        var checkbox = document.getElementById('hierarchy_checkbox');
        var checkboxText = document.getElementById('hierarchy_text');
        if (selectbox != undefined && selectbox.type == "select-one")
        {
            var selectedSpaceKey = selectbox.options[selectbox.selectedIndex].value;
            var currentSpaceKey = 'java';

            if(currentSpaceKey != selectedSpaceKey){                 checkbox.disabled=false;                 checkbox.checked=false;                 checkboxText.style.color='black';             }
            else{                 checkbox.disabled=true;                 checkbox.checked = true;                 checkboxText.style.color='lightgrey';             }
        }
    }

</script>

<form id="editpageform" name="editpageform" method="post" action="doeditpage.action?pageId=4254">
    <input
    type="hidden"
          name="originalVersion"            value="8"             />    <input
    type="hidden"
          name="originalContent"            value="h2. Recommendations

[SEC00-AJ. Do not allow exceptions to transmit sensitive information]

[SEC01-A. Be careful using doPrivileged]

[SEC02-A. Beware of standard APIs that may bypass Security Manager checks]

[SEC03-A. Beware of standard APIs that may use the immediate caller's class loader instance]

[SEC04-A. Beware of standard APIs that perform access checks against the immediate caller]

[SEC05-A. Handle exceptions appropriately]

h2. Rules

[SEC30-C. Always use a Security Manager]

[SEC31-C. Never grant AllPermission]

[SEC32-C. Do not grant ReflectPermission with action suppressAccessChecks]

[SEC33-C. Define wrappers around native methods]

[SEC34-C. Do not allow the unauthorized construction of sensitive classes]

[SEC35-C. Provide mutable classes with a clone method]

[SEC36-C. Ensure that the bytecode verifier is applied to all involved code upon any modification]

h2. Risk Assessment Summary

h3. Rules
|| Rule || Severity || Likelihood || Remediation Cost || Priority || Level ||
| SEC30-C | high | likely | low | {color:red}{*}P27{*}{color} | {color:red}{*}L1{*}{color} |
| SEC31-C | medium | probable | medium | {color:#cc9900}{*}P8{*}{color} | {color:#cc9900}{*}L2{*}{color} |
| SEC32-C | low | unlikely | high | {color:green}{*}P1{*}{color} | {color:green}{*}L3{*}{color} |



"             />    <input
    type="hidden"
          name="labelsShowing"            value="false"                     id="labelsShowing"           />    <input
    type="hidden"
          name="restrictionsShowing"            value="false"                     id="restrictionsShowing"           />    <input
    type="hidden"
          name="locationShowing"            value="false"                     id="locationShowing"           />

    <div id="editBox">
        <!--headerRow with padding of 10px. needs to be renamed-->

        <div id="headerRow">

            <!--Remove Page Link -->
            <div style="float:right;">
                        <a href="/confluence/pages/removepage.action?pageId=4254"><img src="/confluence/images/icons/trash_16.gif" width="16" height="16" border="0px" align="absmiddle" title="Remove"></a>&nbsp;<a href="/confluence/pages/removepage.action?pageId=4254">Remove Page</a>
                </div>
            <div style="float:left"/>
            <!--title text field-->
            <div style="margin-bottom:5px;">
                                              <input type="text"
                                   name="title"
             size="55"                    value="00. Security (SEC)"               tabindex="1"             class="pagetitle"       />            </div>

            <!-- Start location section -->
            <div class="inputSection">
                



<script>
<!--

function hideLocationDiv()
{
    $('location_div').style.display = 'none';
            publishFormData($('newSpaceKey'), $('space_info'), $('space_content'));
        publishFormData($('parentPageString'), $('parent_info'), $('parent_content'));

    $('location_edit_link').innerHTML = "EDIT";
    highlight($('location_info'));
}

function showLocationDiv()
{
    $('location_div').style.display = 'block';
    $('location_edit_link').innerHTML = "DONE";
}

function toggleLocation()
{
    if($('location_div').style.display == 'none')
    {        showLocationDiv();     }
    else
    {         hideLocationDiv();     }
    return false;
}

//-->
</script>

<span class="formtitle">Location:</span>
<span id="location_info" onclick="toggleLocation()">
    <span id="space_info" >
        <span id="space_content">java</span>
    </span>
    <span id="parent_info" >
        > <span id="parent_content">CERT Java Secure Coding Standard</span>
    </span>
    <span class="inline-control-link fontSizeTiny" id="location_edit_link">EDIT</span>
</span>
<div id="location_div" class="toggleFormDiv" style="padding: 8px; display:none">
                      <table>
        <tr>
            <td valign="top">
                <div>
                                    <div>
                        <label onclick="toggleLocation()" class="formtitle">Space</label>
                        <br />
                        <select id="newSpaceKey" name="newSpaceKey" tabindex="3" onChange="toggleHierarchy();  blankParent();">
                                                    <option value="cplusplus" >C++ Secure Coding Practices</option>
                                                    <option value="java"  selected>java</option>
                                                    <option value="seccode" >Secure Coding</option>
                                                    <option value="SD" >Secure Design</option>
                                                </select>
                    </div>
                                </div>
            </td>
            <td valign="top">
                <div>
                    

<div class="formtitle">
    Parent Page
</div>
<input type="text"
                                   name="parentPageString"
             size="30"                    value="CERT Java Secure Coding Standard"               tabindex="2"                   id="parentPageString"                />            <a href="#" onClick="window.open('/confluence/users/spacepagepicker.action?pageId=4254&currentspace=' + document.getElementById('newSpaceKey').value + '&formname=editpageform&fieldname=parentPageString&mode=history','link_inserter', 'width=620, height=400, resizable, scrollbars=yes'); return false;" title="Choose Page"  tabindex="diabled"><img src="/confluence/images/icons/document_zoom_in_16.gif" width="16" height="16" border="0"  tabindex="diabled" align="absmiddle"></a>
                    </div>
            </td>
        </tr>
                <tr>
            <td id="hierarchy_checkbox_area">
                    <input id="hierarchy_checkbox" tabindex="4" type="checkbox" name="moveHierarchy"  value="true" />
                    <label for="hierarchy_checkbox">
                        <span id="hierarchy_text" class="smalltext">Move children?</span>
                    </label>
            </td>
            <td>&nbsp;</td>
        </tr>
            </table>
</div>

<script>
    </script>
            </div>
            </div>
            <!-- End location section -->
            <div>
            <!-- edit page form -->
            <!-- captcha form elements -->
		<br style="clear: both" />
            </div>
            <!--content editor-->
            <div class="inputSection">
                <div style="float:right;">
                    <div class="submitButtons">
                           <input
         tabindex="102"      accessKey="s"                  type="submit"      name="confirm" value="Save"/>&nbsp;&nbsp;
<input
         tabindex="104"                      type="submit"      name="cancel" value="Cancel"/>                    </div>
                </div>
                <div id="editorDiv" style="width:100%">
                    
<script type="text/javascript">
    var contentId =  "4254" ;

    // this function is needed to store the caret position for IE browsers
    // you need to insert a call to storeCaret(this); to the onclick, onselect and onkeyup events of
    // the textarea you are editing
    function storeCaret(textAreaObject)
    {
        if (textAreaObject.createTextRange) // test for IE browsers
        {             textAreaObject.caretPos = document.selection.createRange().duplicate();         }
    }

    // this function stores the selected and unselected text for the textarea in hidden fields on the form
    function storeTextareaBits()
    {
        var t = $('markupTextarea');
        var currentForm = getCurrentForm();

        if (t.selectionStart != null)
        {             // for netscape, mozilla, gecko             t.sel = t.value.substr(t.selectionStart, t.selectionEnd - t.selectionStart);             t.sel1 = t.value.substr(0, t.selectionStart);             t.sel2 = t.value.substr(t.selectionEnd);             currentForm.selectedText.value = t.sel;         }
        else if (document.selection && document.selection.createRange)
        {
            // for ie
            var str = document.selection.createRange().text;
            try
            {                 currentForm.elements['content'].focus();             }
            catch (e)
            {             // ignore             }
            var sel = document.selection.createRange();
            currentForm.selectedText.value = sel.text;
            return;
        }
    }

    function showRichText(show)
    {
            }

    function showMarkup(show)
    {
        if(show)
        {
            $('markup').style.display = 'block';
            $('markupTab').className = 'current';


            if ($('helptd'))
            {
                try
                {                     $('helptd').style.display = 'table-cell';                 }
                catch (e)
                {                     // IE throws exception with invalid display type, so                     // we'll use the incorrect value of 'block'                     $('helptd').style.display = 'block';                 }
            }
            if ($('linkinserters'))
            {                 $('linkinserters').style.display = 'block';             }
        }
        else
        {
            $('markup').style.display = 'none';
            $('markupTab').className = '';

            if ($('helptd'))
            {                 $('helptd').style.display = 'none';             }
            if ($('linkinserters'))
            {                 $('linkinserters').style.display = 'none';             }
        }
    }

    function showPreview(show)
    {
        if(show)
        {             $('preview').style.display = 'block';             $('previewTab').className = 'current';          }
        else
        {             $('preview').style.display = 'none';             $('previewTab').className = '';         }
    }

    function setRichTextDefault(value)
    {         AjaxUserProfileEditor.setPreferenceUserEditWysiwyg(value);         $('makeRichTextDefault').style.display = 'none';         $('makeMarkupDefault').style.display = 'none';     }

    function showWaitImage(flag)
    {         $('wysiwygWaitImage').style.visibility = (flag ? 'visible' : 'hidden');     }
    function reply_setTextArea(s)
    {         showWaitImage(false);         setMode('markup');         if (s != null)             $('markupTextarea').value = s;     }
    function reply_setEditorValue(s)
    {         showWaitImage(false);         setMode('richtext');         setEditorValue(s);     }


    function reply_setPreviewArea(s)
    {         showWaitImage(false);         setMode('preview');         $('previewArea').innerHTML = s;     }


    /**
    * Set up the page for rich text or markup editing
    */
    function setMode(mode)
    {
        var inRichText = inRichTextMode();
        var form = getCurrentForm();
        form.mode.value = mode;
        if (mode != 'preview')
        {             form.xhtml.value = (mode == 'richtext');         }

        
        if (mode == 'richtext')
        {             showRichText(true);             showMarkup(false);             showPreview(false);         }

        if (mode == 'markup')
        {             if (inRichText)                 showRichText(false);             showMarkup(true);             showPreview(false);         }

        if (mode == 'preview')
        {
                    saveDraft(null);
                    if (inRichText)
            {                 // get the editor content in case we come back to wiki-markup                 lastKnownGoodContent = getEditorHTML() + "";                 showRichText(false);             }
            showMarkup(false);
            showPreview(true);
        }
    }

    // Hide and show the "make default" links, based on what mode the user is currently in, and what the WYSIWYG setting is
    function showDefaultLinks(defaultIsWysiwyg)
    {
        var showRichTextDefault = false;
        var showMarkupDefault = false;
        var form = getCurrentForm();

        // If we are in MARKUP mode, show the text to set markup as default
        if (defaultIsWysiwyg && form.mode.value == 'markup')
        {             showMarkupDefault = true;         }
        // If we are in RICHTEXT mode, show the text to set richtext as default
        else if (!defaultIsWysiwyg && form.mode.value == 'richtext')
        {             showRichTextDefault = true;         }

        $('makeRichTextDefault').style.display = (showRichTextDefault ? 'inline' : 'none');
        $('makeMarkupDefault').style.display = (showMarkupDefault ? 'inline' : 'none');
    }


    // Save the last edit mode in case the user changes to preview and from there to the other edit mode...
    // then we will have to convert the markup to XHTML or vice verca.
    var lastEditMode;

    var lastKnownGoodContent = null;

    function inRichTextMode()
    {         var form = getCurrentForm();         return form.mode.value == 'richtext';     }



    function changeMode(mode)
    {
        var form = getCurrentForm();

                

        if (form.mode.value != mode)
        {
            showWaitImage(true);

            if (mode == 'markup') // going from wysiwyg to markup
            {
                // If the current mode is preview...
                if (form.mode.value == 'preview')
                {
                    // Markup -> Preview -> Markup
                    // We don't need to do any conversion...
                    if(lastEditMode == 'markup')
                    {                         reply_setTextArea(null);                     }
                    // WYSIWYG -> Preview -> Markup
                    // Convert the WYSIWYG html to wiki markup
                    else
                    {                         WysiwygConverter.convertXHtmlToWikiMarkupWithoutPage(lastKnownGoodContent,contentId,reply_setTextArea);                     }
                }
                // WYSIWYG -> Markup, so just convert
                else
                {                     WysiwygConverter.convertXHtmlToWikiMarkupWithoutPage(getEditorHTML() + "",contentId,reply_setTextArea);                 }
            }

            else if (mode == 'richtext')// going from markup to wysiwyg
            {
                var textarea = $('markupTextarea');

                // If the current mode is preview...
                if (form.mode.value == 'preview')
                {
                    // WYSIWYG -> Preview -> WYSIWYG
                    // We don't need to reload or convert the contents of the tinyMCE editor
                    if(lastEditMode == 'richtext')
                    {                         reply_setEditorValue(null);                     }
                    // Markup -> Preview -> WYSIWYG
                    // Convert the markup to be used with WYSIWYG
                    else
                    {                         WysiwygConverter.convertWikiMarkupToXHtmlWithoutPage(textarea.value,contentId, reply_setEditorValue);                     }
                }
                // Markup -> WYSIWYG, so just grab the contents of the markup textarea and convert it to be used with WYSIWYG
                else
                {                     WysiwygConverter.convertWikiMarkupToXHtmlWithoutPage(textarea.value,contentId, reply_setEditorValue);                 }
            }

            else // viewing the preview
            {
                // WYSIWYG -> Preview
                if (form.mode.value == 'richtext')
                {                     lastEditMode = 'richtext';                     var html = getEditorHTML() + "";                     lastKnownGoodContent = html;                     WysiwygConverter.convertToPreview(html,contentId, 'java', 'richtext', reply_setPreviewArea);                 }
                // Markup -> Preview
                else
                {                     lastEditMode = 'markup';                     var textarea = $('markupTextarea');                     WysiwygConverter.convertToPreview(textarea.value, contentId, 'java', 'markup', reply_setPreviewArea);                 }
            }
        }
    }

    var contentHasChangedSinceLastAutoSave = false;
    function saveDraft(callback)
    {
        if (!callback)
            callback = function() {};

        var form = getCurrentForm();
        if (hasContentChanged())
        {
            var draftData = new Object();
            draftData.pageId = '4254';
            if (form.title)
            {                 draftData.title = form.title.value;             }
            if (form.newSpaceKey)
            {                 draftData.spaceKey = form.newSpaceKey.value;             }
            else
            {                 draftData.spaceKey = 'java';             }
            if (form.originalVersion)
            {                 draftData.pageVersion = parseInt(form.originalVersion.value);             }
            draftData.type='page';
            draftData.content = getCurrentFormContent(form);
            DraftAjax.saveDraft(draftData, form.xhtml.value == 'true', callback);
            resetContentChanged();
        }
        else
        {             // must call the call back even if we don't save a draft!             callback();         }
    }
    function heartbeat()
    {
        HeartbeatAjax.startActivity('4254', 'page',
            function (activityResponses)
                {
                    if (activityResponses.length > 0)
                    {
                        $('heartbeatDiv').style.display = 'block';
                        var html = "";
                        var sep = "";
                        for (i = 0; i < activityResponses.length; ++i)
                        {                             var activityResponse = activityResponses[i]                             var usernamelink = '<a href="/confluence/display/~' + activityResponse.userName + '">' + activityResponse.fullName + '</a>';                             var lastEditDateMessage = '';                             if (activityResponse.lastEditDate != null)                                 lastEditDateMessage = '<span class="smalltext">(last edit ' + activityResponse.lastEditDate + ')</span>';                             html += sep + usernamelink + ' ' + lastEditDateMessage;                             sep = ", ";                         }
                        $('otherUsersSpan').innerHTML = html;
                    }
                    else
                    {                         $('heartbeatDiv').style.display = 'none';                     }
                }
            );
    }
    function getCurrentForm()
    {         return document.forms['editpageform'];     }
    // Fallback function for Safari to show to submit the form via JavaScript and display the preview page.
    function sendFormWithPreview()
    {         form = getCurrentForm();         // create a hidden field for the update variable         var el = document.createElement("input");         el.type = "hidden";         el.name = "preview";         el.name = "preview";         el.value = "preview";         form.appendChild(el);         form.submit();     }

    // function to send the form to discard/use the draft
    function sendFormDraft(flagName)
    {
        form = getCurrentForm();

        addHiddenElement(form, flagName, "true");
        addHiddenElement(form, "pageId", "4254");
        if (!form.spaceKey)
        {             addHiddenElement(form, "spaceKey", "java");         }

                    form.action="edit${draft.draftType}.action";
                form.submit();
    }

    function addHiddenElement(form, name, value)
    {         var el = document.createElement("input");         el.type = "hidden";         el.name = name;         el.value = value;         form.appendChild(el);     }

</script>
                <div id='heartbeatDiv' style="display: none;">
    <table style="clear: right" cellpadding='5' width='100%' cellspacing='8px' class='noteMacro' border="0" align='center'>
        <tr><td valign='top' width="1%"><img src="/confluence/images/icons/emoticons/warning.gif" width="16" height="16" align="absmiddle" alt="" border="0"></td><td>
            This page is being edited by <span id='otherUsersSpan'/>.            
        </td></tr>
    </table>
    </div>
    
    <ul class="tabnav" style="border-bottom: 0; width: 400px">
        <li class="tabs">
                        <a id="markupTab"  class="current" href="#" onClick="javascript:changeMode('markup');return false;">Wiki Markup</a>
                        <a id="previewTab"  href="#" onClick="javascript:sendFormWithPreview();return false;">Preview</a>
                </li>
        <li class="nontabs" style="margin: 8px 0pt 0pt 3px"><img id="wysiwygWaitImage" style="visibility:hidden" alt="Wait Image" border=0 src="/confluence/images/icons/wait.gif"></li>

            </ul>
    <!-- clears the floated elements above -->
    <br class="after-tabnav">

        <div style="background-color:#D6D6D6;  border:1px solid #CCC; border-bottom:0; " id='linkinserters'>
                                <a style="text-decoration: none" href="#" onClick="storeTextareaBits(); window.open('/confluence/users/insertimageinpage.action?pageId=4254&formname=editpageform&fieldname=content&mode=search','link_image_inserter', 'width=700, height=400, resizable, scrollbars=yes'); return false;" title="Insert Image">
            <img src="/confluence/images/icons/confimage.gif" border="0px" title="Insert Image">
        </a>

                        <a style="text-decoration: none" href="#" onClick="storeTextareaBits(); window.open('/confluence/users/insertlink.action?pageId=4254&currentspace=java&formname=editpageform&fieldname=content' + (document.getElementById('selectedText').value ? '&alias=' + document.getElementById('selectedText').value : ''),'link_inserter', 'width=620, height=480, resizable, scrollbars=yes'); return false;" title="Insert Link">
            <img src="/confluence/images/icons/conflink.gif" border="0px" title="Insert Link">
        </a>
    </div>
    
            <script type="text/javascript">
            var useWysiwyg = false;

            /*---------------------------------------------------------------------------
            Redefine the following two methods without calls to editorHasContentChanged()
            ---------------------------------------------------------------------------*/
            function hasContentChanged()
            {                 return contentHasChangedSinceLastAutoSave;             }

            function resetContentChanged()
            {                 contentHasChangedSinceLastAutoSave = false;             }
        </script>
    
        
            <script type="text/javascript" src="/confluence/s/1116/1/_/dwr/engine.js"></script>
     <!-- request this the traditional way to fix CONF-5561 -->
        
            <script type="text/javascript" src="/confluence/s/1116/1/_/wysiwyg-javascript"></script>
        <div id="markup" >
    <div>

    <textarea id="markupTextarea" name="content"
                      cols=""
                      rows="30"

                                             tabindex="5"                onclick="storeCaret(this);"
            onselect="storeCaret(this); storeTextareaBits()"
            onkeyup="storeCaret(this);contentChangeHandler();"
            onchange="contentChangeHandler();"
            style="padding:0; margin:0; width:100%; "
            class="monospaceInput"
            >h2. Recommendations

[SEC00-AJ. Do not allow exceptions to transmit sensitive information]

[SEC01-A. Be careful using doPrivileged]

[SEC02-A. Beware of standard APIs that may bypass Security Manager checks]

[SEC03-A. Beware of standard APIs that may use the immediate caller's class loader instance]

[SEC04-A. Beware of standard APIs that perform access checks against the immediate caller]

[SEC05-A. Handle exceptions appropriately]

h2. Rules

[SEC30-C. Always use a Security Manager]

[SEC31-C. Never grant AllPermission]

[SEC32-C. Do not grant ReflectPermission with action suppressAccessChecks]

[SEC33-C. Define wrappers around native methods]

[SEC34-C. Do not allow the unauthorized construction of sensitive classes]

[SEC35-C. Provide mutable classes with a clone method]

[SEC36-C. Ensure that the bytecode verifier is applied to all involved code upon any modification]

h2. Risk Assessment Summary

h3. Rules
|| Rule || Severity || Likelihood || Remediation Cost || Priority || Level ||
| SEC30-C | high | likely | low | {color:red}{*}P27{*}{color} | {color:red}{*}L1{*}{color} |
| SEC31-C | medium | probable | medium | {color:#cc9900}{*}P8{*}{color} | {color:#cc9900}{*}L2{*}{color} |
| SEC32-C | low | unlikely | high | {color:green}{*}P1{*}{color} | {color:green}{*}L3{*}{color} |



</textarea>
    </div>
    </div>
    <input id="selectedText" name="selectedText" type="hidden">
    <!-- two hidden fields to store textarea parts for mozilla based browsers -->
    <input type="hidden" name="sel1"><!--sel1: text before the selection-->
    <input type="hidden" name="sel2"><!--sel2: text after the selection-->

    <input type="hidden" name="inPreview" value="false"/>
    <input type="hidden" name="mode" value="markup"/>
    <input type="hidden" name="xhtml" value="false"/>

    <div id="preview" style="display:  none ; border:1px solid #CCCCCC; background-color:white;">
                        <div id="previewArea" style="margin:5px;"></div>
    </div>

    <!-- javascript code to initialise draft and heartbeat ajax -->
    <script type="text/javascript">
                DraftAjax.getDraftSaveInterval(
            function (interval) { setInterval("saveDraft()", interval); }
            );
                            if ('4254' != '0')
            {
                heartbeat();
                HeartbeatAjax.getHeartbeatInterval(
                    function (interval) { setInterval("heartbeat()", interval); }
                );
            }
        
        function contentChangeHandler()
        {             contentHasChangedSinceLastAutoSave = true;         }
    </script>                </div>
            </div>
            <!-- comment field and minor edit checkbox -->
            <div class="inputSection">
                <div style="float:right">
                    <input id="minorEdit" type="checkbox" name="minorEdit" value="true"  />
                    <label for="minorEdit">
                        <span class="smalltext"><b>Minor change?</b> (no notifications will be sent)</span>
                    </label>
                </div>
                                              <span class="formtitle">Comment:</span>
                <input type="text"
                                   name="versionComment"
             size="40"                     tabindex="6"             class="monospaceInput"                style="width: 50%"       />            </div>

            <!-- Page permissions -->
            <div class="inputSection">
                

<!-- Copy some methods out of prototype 1.5 since we can't rev to it yet due to it causing a memory leak in jwebunit 1.2 and hence our func tests -->
<!-- this block of javascript can be removed when we rev to prototype 1.5 -->
<script type="text/javascript">
    Array.prototype.indexOf = function(object)
    {         for (var i = 0, length = this.length; i < length; i++)             if (this[i] == object) return i;         return -1;     }

    Array.prototype.without = function()
    {
        var values = $A(arguments);
        return this.select(function(value)
        {             return !values.include(value);         });
    }

    String.prototype.strip = function()
    {         return this.replace(/^\s^s+/, '').replace(/\s+$/, '');     }
</script>

<script type="text/javascript">



var viewPagePermissions = new PagePermissions();

var editPagePermissions = new PagePermissions();

var viewPermissionManager = new PermissionManager(PagePermissionType.VIEW);
var editPermissionManager = new PermissionManager(PagePermissionType.EDIT);
var currentPermissionManager = viewPermissionManager;



i18n['done.name.caps'] = 'DONE';
i18n['edit.name.caps'] = 'EDIT';
i18n['page.perms.viewing.restricted'] = 'Viewing restricted to:';
i18n['page.perms.editing.restricted'] = 'Editing restricted to:';
i18n['page.perms.no.view.restrictions'] = 'No viewing restrictions set on this page';
i18n['page.perms.no.edit.restrictions'] = 'No editing restrictions set on this page';
i18n['page.perms.duplicate.names'] = 'Duplicate user or group name(s):';
i18n['page.perms.invalid.entity.names'] = 'Invalid user or group name(s):';

</script>

              </div>

            <!--labels section-->
            


<script>
function toggleLabels()
{
    toggleVisibility('labels_div');
    toggleVisibility('labels_info');
    if($('labels_div').style.display == 'none')
    {         $('labels_info').innerHTML = $('labelsString').value.toLowerCase();         $('labels_edit_link').innerHTML = "EDIT";         highlight($('labels_info'));     }
    else
    {         SuggestedLabelsForEntity.viewLabels('4254', "labels/editpage-suggestedlabels.vm", loadSuggestedLabels);         $('labels_edit_link').innerHTML = "DONE";     }
}

    function loadSuggestedLabels(ajaxResponse)
    {
        if (ajaxResponse.success)
        {             $('suggestedLabelsSpan').innerHTML = ajaxResponse.response;         }
    }
</script>

<div id="labels_tab">
    <span class="formtitle">Labels: </span><span onclick="toggleLabels()" class="inline-control-link fontSizeTiny" id="labels_edit_link">EDIT</span>
</div>
<div id="labels_info">
   
</div>

<div id="labels_div" class="toggleFormDiv" style="padding: 8px; display:none">
    <table width="100%">
        <tr>
            <td width="60%" valign="top">
                <span class="error">
                    <span class="errorMessage" id="errorSpan"></span>
                </span>
                                              <input autocomplete="off" type="text" id="labelsString" name="labelsString" value="" class="monospaceInput" style="width:100%;" />
                <div class="smalltext"><em>Tip:</em> Looking for a label? Just start typing.</div>
                <div class="auto_complete" id="labelsAutocompleteList"></div>

                <script>new Ajax.Autocompleter('labelsString', 'labelsAutocompleteList', '4254', { tokens: new Array(',', ' '), dwrFunction: GenerateAutocompleteLabelsListForEntity.autocompleteLabels});</script>
            </td>
            <td valign="top">
                <div id="suggestedLabelsSpan" style="margin-top:5px;">

                </div>
            </td>
        </tr>
    </table>
</div>

<script>
    		toggleLabels();
    </script>
            <div>
                <div class="submitButtons">
                       <input
         tabindex="102"      accessKey="s"                  type="submit"      name="confirm" value="Save"/>&nbsp;&nbsp;
<input
         tabindex="104"                      type="submit"      name="cancel" value="Cancel"/>                </div>
            </div>
        </div>
    </div>
</form>
<script type="text/javascript">
	(function() {
		$A(document.getElementsByClassName("submitButtons")).each(function(div) {
			$A(div.getElementsByTagName("input")).each(function(button) {
				Event.observe(button, "click", pageFormSubmit, false);
			});
		});
	})();
</script>


<img src="/confluence/images/border/spacer.gif" width="0" height="0" border="0" onLoad="toggleHierarchy()">
    </div>
                            </div>
                        </td>
                                
    
            
    
                                                    <td valign="top" id="helptd" style="display:block; width:200px; border-top:1px solid #CCC;">
                            <div style="padding-left:5px;">
                                <div class="rightpanel">
        <div id="helpheading">
        <img src="/confluence/images/icons/help_16.gif" height=16 width=16 border=0 align=absmiddle title="Help Tips">
        Help Tips
      </div>
      <div id="helpcontent">
                        <p>
    <b>Notation Help:</b>

    (<a href="#" onClick="window.open('/confluence/renderer/notationhelp.action','notation_help','width=780, height=580, resizable, scrollbars')">full guide</a>)

    <br/>
        Text formatting:<br/>
        <span class="smalltext">
            *bold* &raquo; <b class="strong">bold</b><br/>
            _italic_ &raquo; <em class="emphasis">italic</em><br/>
            -strike- &raquo; <del class="deleted">strike</del><br/>
            +under+ &raquo; <u>under</u><br/>
        </span>
    </p>
    <p>
        Headings:<br/>
        <span class="smalltext">
            h1. Large heading!<br />
            h3. Medium heading<br/>
            h5. Small heading...<br/>
        </span>
    </p>
    <p>
        Lists:<br/>
        <span class="smalltext">
            * Bulleted point<br />
            # Numbered point<br/>
        </span>
    </p>
    <p>
        Linking:<br/>
        <span class="smalltext">
            [title#anchor] &raquo; Link a page<br/>
            [dev:title#anchor] &raquo; In space with 'dev'<br/>
            [http://host.com] &raquo; Remote link<br/>
            [phrase@shortcut] &raquo; Shortcut<br/>
            <b><i>Note:</i></b> [alias|any_of_above_links] &raquo; Custom link title
        </span>
    </p>
    <p>
        Tables:<br/>
        <span class="smalltext">
            ||head1||head2||<br/>
            |colA1|colA2|<br/>
            |colB1|colB2|
        </span>
    </p>

    Details and full examples are in the
    <a href="/confluence/renderer/notationhelp.action" onClick="window.open(this.href,'notation_help','width=680, height=440, resizable, scrollbars'); return false;">full notation guide &raquo;</a>
                </div>
  </div>
                            </div>
                        </td>
                                            </tr>
                </table>
                <!-- End inner content table -->
            </td>
        </tr>
    </table>
</div>
  	                                                            <div class="bottomshadow"></div>
<!--   	<div id="poweredby" class="smalltext">
		Powered by <a href="http://www.atlassian.com/software/confluence" class="smalltext">Atlassian Confluence</a> 2.7.3, the <a href="http://www.atlassian.com/software/confluence" class="smalltext">Enterprise Wiki</a>.
		<a href="http://jira.atlassian.com/secure/BrowseProject.jspa?id=10470" class="smalltext">Bug/feature request</a>
		-
		<a href="http://www.atlassian.com/about/connected.jsp?s_kwcid=Confluence-stayintouch" class="smalltext">Atlassian news</a>
		-
		<a href="/confluence/administrators.action">Contact administrators</a>
        <br/>
	</div>
 -->

<!-- delay the loading of large javascript files to the end so that they don't interfere with the loading of page content -->
<span style="display: none"></span>

<!--BEGIN FOOTER -->


<table border="0" width="100%" cellspacing="0" cellpadding="8" bgcolor="#666666"><tr>
<td width="50%"><img src="https://www.cert.org/cert/images/sei_cmu_logo2.gif" alt="Software Engineering Institute | Carnegie Mellon University" border="0" usemap="#footermap"/>
	<map name="footermap" id="footermap">
		<area shape="rect" coords="2,2,233,19" href="http://www.sei.cmu.edu/"  alt="Software Engineering Institute"/>
		<area shape="rect" coords="241,3,341,19" href="http://www.cmu.edu/" alt="Carnegie Mellon University" />
	</map>
</td>
<td width="50%" align="right">
	<span style="font-size:11px; color:#ffffff; font-family:Verdana">
	<a style="color:#ffffff" href="https://www.cert.org/">Home</a> | 
	<a style="color:#ffffff" href="https://www.cert.org/meet_cert/meetcertcc.html">About</a> | 
	<a  style="color:#ffffff" href="https://www.cert.org/contact_cert/">Contact</a> | 
	<a style="color:#ffffff" href="https://www.cert.org/faq/cert_faq.html">FAQ</a> | 
	<a style="color:#ffffff" href="https://www.cert.org/stats/">Statistics</a> | 
	<a style="color:#ffffff" href="https://www.cert.org/jobs/">Jobs</a> | 
	<a style="color:#ffffff" href="https://www.cert.org/legal_stuff/">Legal</a> | 
	<a style="color:#ffffff" href="https://www.securecoding.cert.org/confluence/display/seccode/Terms+and+Conditions">Legal</a>
	<br/>
	Copyright © 1995-2008 Carnegie Mellon University 
</td>
</tr>
</table>


<!--END FOOTER -->
</body>
</html>