Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search
Log in
Confluence
Spaces
Hit enter to search
Help
Online Help
Keyboard Shortcuts
Feed Builder
What’s new
Available Gadgets
About Confluence
Log in
SEI CERT Oracle Coding Standard for Java
Pages
Boards
Space shortcuts
Dashboard
Secure Coding Home
Android
C
C++
Java
Perl
Page tree
Browse pages
Configure
Space tools
View Page
A
t
tachments (0)
Page History
Page Information
View in Hierarchy
View Source
Export to PDF
Export to Word
Pages
…
SEI CERT Oracle Coding Standard for Java
4 Back Matter
Rule or Rec. CC. Analyzers
CodeSonar_V
Page Information
Title:
CodeSonar_V
Author:
Will Snavely
Oct 06, 2016
Last Changed by:
Jon O'Donnell
Apr 01, 2024
Tiny Link:
(useful for email)
https://wiki.sei.cmu.edu/confluence/x/5DdGBQ
Export As:
Word
·
PDF
Incoming Links
SEI CERT Oracle Coding Standard for Java (53)
Page:
IDS03-J. Do not log unsanitized user input
Page:
FIO04-J. Release resources when they are no longer needed
Page:
IDS00-J. Prevent SQL injection
Page:
ERR07-J. Do not throw RuntimeException, Exception, or Throwable
Page:
ENV06-J. Production code must not contain debugging entry points
Page:
ERR02-J. Prevent exceptions while logging data
Page:
ERR00-J. Do not suppress or ignore checked exceptions
Page:
SER10-J. Avoid memory and resource leaks during serialization
Page:
ERR09-J. Do not allow untrusted code to terminate the JVM
Page:
IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
Page:
LCK10-J. Use a correct form of the double-checked locking idiom
Page:
SER07-J. Do not use the default serialized form for classes with implementation-defined invariants
Page:
MET08-J. Preserve the equality contract when overriding the equals() method
Page:
EXP01-J. Do not use a null in a case where an object is required
Page:
EXP00-J. Do not ignore values returned by methods
Page:
IDS14-J. Do not trust the contents of hidden form fields
Page:
ENV01-J. Place all security-sensitive code in a single JAR and sign and seal it
Page:
MSC02-J. Generate strong random numbers
Page:
MSC05-J. Do not exhaust heap space
Page:
SEC01-J. Do not allow tainted variables in privileged blocks
Page:
OBJ07-J. Sensitive classes must not let themselves be copied
Page:
THI00-J. Do not invoke Thread.run()
Page:
SER02-J. Sign then seal objects before sending them outside a trust boundary
Page:
IDS08-J. Sanitize untrusted data included in a regular expression
Page:
NUM13-J. Avoid loss of precision when converting primitive integers to floating-point
Page:
OBJ08-J. Do not expose private members of an outer class from within a nested class
Page:
VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
Page:
ENV03-J. Do not grant dangerous combinations of permissions
Page:
MET09-J. Classes that define an equals() method must also define a hashCode() method
Page:
SER01-J. Do not deviate from the proper signatures of serialization methods
Page:
FIO01-J. Create files with appropriate access permissions
Page:
MET10-J. Follow the general contract when implementing the compareTo() method
Page:
SER00-J. Enable serialization compatibility during class evolution
Page:
FIO09-J. Do not rely on the write() method to output integers outside the range 0 to 255
Page:
LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code
Page:
SER12-J. Prevent deserialization of untrusted data
Page:
CodeSonar
Page:
SER06-J. Make defensive copies of private mutable components during deserialization
Page:
DCL00-J. Prevent class initialization cycles
Page:
NUM00-J. Detect or prevent integer overflow
Page:
LCK09-J. Do not perform operations that can block while holding a lock
Page:
SER03-J. Do not serialize unencrypted sensitive data
Page:
EXP06-J. Expressions used in assertions must not produce side effects
Page:
FIO02-J. Detect and handle file-related errors
Page:
EXP02-J. Do not use the Object.equals() method to compare two arrays
Page:
SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields
Page:
SEC06-J. Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar
Page:
EXP03-J. Do not use the equality operators when comparing values of boxed primitives
Page:
MSC03-J. Never hard code sensitive information
Page:
ERR08-J. Do not catch NullPointerException or any of its ancestors
Page:
NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
Page:
LCK05-J. Synchronize access to static fields that can be modified by untrusted code
Page:
VNA00-J. Ensure visibility when accessing shared primitive variables
Hierarchy
Parent Page
Page:
Rule or Rec. CC. Analyzers
Labels
There are no labels assigned to this page.
Recent Changes
Time
Editor
Apr 01, 2024 15:56
Jon O'Donnell
View Changes
Dec 07, 2023 09:25
Jon O'Donnell
View Changes
Jul 27, 2023 14:11
Jon O'Donnell
View Changes
Mar 30, 2023 15:25
Jon O'Donnell
View Changes
Dec 13, 2022 15:43
Jon O'Donnell
View Page History
Overview
Content Tools
{"serverDuration": 135, "requestCorrelationId": "3b4d9867d9961942"}
