Title: The Checker Framework_V  
Author: David Svoboda Oct 05, 2016
Last Changed by: David Svoboda Oct 05, 2016
Tiny Link: (useful for email) https://wiki.sei.cmu.edu/confluence/x/3zdGBQ
Incoming Links
SEI CERT Oracle Coding Standard for Java (31)
    Page: STR02-J. Specify an appropriate locale when comparing locale-dependent data
    Page: The Checker Framework
    Page: IDS14-J. Do not trust the contents of hidden form fields
    Page: IDS16-J. Prevent XML Injection
    Page: IDS04-J. Safely extract files from ZipInputStream
    Page: IDS06-J. Exclude unsanitized user input from format strings
    Page: IDS17-J. Prevent XML External Entity Attacks
    Page: IDS51-J. Properly encode or escape output
    Page: IDS52-J. Prevent code injection
    Page: EXP50-J. Do not confuse abstract object equality with reference equality
    Page: IDS50-J. Use conservative file naming conventions
    Page: IDS55-J. Understand how escape characters are interpreted when strings are loaded
    Page: FIO16-J. Canonicalize path names before validating them
    Page: LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code
    Page: LCK01-J. Do not synchronize on objects that may be reused
    Page: IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
    Page: IDS01-J. Normalize strings before validating them
    Page: IDS11-J. Perform any string modifications before validation
    Page: MET56-J. Do not use Object.equals() to compare cryptographic keys
    Page: IDS08-J. Sanitize untrusted data included in a regular expression
    Page: IDS03-J. Do not log unsanitized user input
    Page: STR01-J. Do not assume that a Java char fully represents a Unicode code point
    Page: IDS15-J. Do not allow sensitive information to leak outside a trust boundary
    Page: EXP01-J. Do not use a null in a case where an object is required
    Page: IDS00-J. Prevent SQL injection
    Page: IDS53-J. Prevent XPath Injection
    Page: OBJ09-J. Compare classes and not class names
    Page: IDS56-J. Prevent arbitrary file upload
    Page: IDS54-J. Prevent LDAP injection
    Page: STR04-J. Use compatible character encodings when communicating string data between JVMs
    Page: MSC07-J. Prevent multiple instantiations of singleton objects
Parent Page
    Page: Rule or Rec. CC. Analyzers