Versions Compared

Recommendations

FIO00-A. Blah blah blah

FIO01-A. Prefer functions that do not rely on file names for identification

FIO02-A. Canonicalize file names originating from untrusted sources

FIO03-A. Do not make assumptions about fopen() and file creation

Rules

FIO30-C. Exclude user input from format strings

FIO32-C. Temporary file names must be unique when the file is created

...

Rules

SEC30-C. Always use a Security Manager

SEC31-C. Never grant AllPermission

SEC32-C. Do not grant ReflectPermission with action suppressAccessChecks

Risk Assessment Summary

...

Rules

Recommendation Rule

Severity

Likelihood

Remediation Cost

Priority

Level

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

FIO01 SEC30-A C

3 (high)

2 3 (likely)

1 (high)

P6

L2

FIO02-A

3 (highlow)

1 (unlikely)

1 (high)

P3

L3

Rules

FIO30P27

L1

SEC31-C

3 2 (highmedium)

3 2 (probable) 3

2 (lowmedium)

P27 P8

L1 L2

FIO32 SEC32-C

3 1 (highlow)

2 1 (probableunlikely)

1 (mediumhigh)

P6 P1

L2 L3