SEI CERT Oracle Coding Standard for Java
Page Information
Title: IDS01-J. Normalize strings before validating them
Author: Dhruv Mohindra, Sep 26, 2009
Last Changed by: Hiromi Kinoshita, Sep 02, 2025
Tiny Link (useful for email): https://wiki.sei.cmu.edu/confluence/x/gjdGBQ
Incoming Links
SEI CERT Oracle Coding Standard for Java (4)
FIO16-J. Canonicalize path names before validating them
IDS00-J. Prevent SQL injection
IDS51-J. Properly encode or escape output
JNI04-J. Do not assume that Java strings are null-terminated
Android (1)
Applicable in Principle to Android (Java Rules/Recomendations)
Hierarchy
Parent Page: Rule 00. Input Validation and Data Sanitization (IDS)
Labels
Global Labels (7)
ids
android
normative
rule
android-implementation-detail-java
analyzable
tech-edit-done
Recent Changes
Time | Editor | Comment
Sep 02, 2025 02:14 | Hiromi Kinoshita | fixed HTML tags of NCCE
Aug 06, 2025 10:06 | David Svoboda | REM cost reform
Mar 05, 2025 11:23 | Jill Britton |
Nov 16, 2017 14:43 | Will Snavely |
Feb 26, 2017 14:53 | Robert Schiela | Made priority and level ratings in risk assessment bold, to be consistent.
Outgoing Links
External Links (6)
cwe.mitre.org/data/definitions/289.html
www.lookout.net/wp-content/uploads/2009/03/chris_weber_expl…
www.unicode.org/reports/tr15/tr15-23.html
cwe.mitre.org/data/definitions/180.html
cwe.mitre.org/
java.sun.com/javase/6/docs/api/
SEI CERT Oracle Coding Standard for Java (11)
The Checker Framework_V
IDS00-J. Prevent SQL injection
Rule BB. Glossary
VOID IDS02-J. Canonicalize path names before validating them
SEI CERT Oracle Coding Standard for Java (home page)
Klocwork_V
Rule AA. References
Fortify
The Checker Framework
Rule 00. Input Validation and Data Sanitization (IDS)
Klocwork