Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search
Log in
Confluence
Spaces
Hit enter to search
Help
Online Help
Keyboard Shortcuts
Feed Builder
What’s new
Available Gadgets
About Confluence
Log in
SEI CERT Oracle Coding Standard for Java
Pages
Boards
Space shortcuts
Dashboard
Secure Coding Home
Android
C
C++
Java
Perl
Page tree
Browse pages
Configure
Space tools
View Page
A
t
tachments (10)
Page History
Page Information
View in Hierarchy
View Source
Export to PDF
Export to Word
Pages
SEI CERT Oracle Coding Standard for Java
Page Information
Title:
SEI CERT Oracle Coding Standard for Java
Author:
Joe McManus MGR
Jan 12, 2007
Last Changed by:
Robert Schiela
Jun 11, 2018
Tiny Link:
(useful for email)
https://wiki.sei.cmu.edu/confluence/x/FjdGBQ
Export As:
Word
·
PDF
Incoming Links
SEI CERT Perl Coding Standard (8)
Page:
EXP31-PL. Do not suppress or ignore exceptions
Page:
FIO01-PL. Do not operate on files that can be modified by untrusted users
Page:
IDS34-PL. Do not pass untrusted, unsanitized data to a command interpreter
Page:
EXP32-PL. Do not ignore function return values
Page:
IDS00-PL. Canonicalize path names before validating them
Page:
IDS30-PL. Exclude user input from format strings
Page:
IDS33-PL. Sanitize untrusted data passed across a trust boundary
Page:
EXP30-PL. Do not use deprecated or obsolete functions or modules
SEI CERT Oracle Coding Standard for Java (200)
Page:
EXP03-J. Do not use the equality operators when comparing values of boxed primitives
Page:
SER07-J. Do not use the default serialized form for classes with implementation-defined invariants
Page:
Rule 49. Miscellaneous (MSC)
Page:
OBJ13-J. Ensure that references to mutable objects are not exposed
Page:
ERR05-J. Do not let checked exceptions escape from a finally block
Page:
MET06-J. Do not invoke overridable methods in clone()
Page:
MET01-J. Never use assertions to validate method arguments
Page:
SER04-J. Do not allow serialization and deserialization to bypass the security manager
Page:
OBJ02-J. Preserve dependencies in subclasses when changing superclasses
Page:
SER06-J. Make defensive copies of private mutable components during deserialization
Page:
MSC08-J. Do not store nonserializable objects as attributes in an HTTP session
Page:
IDS15-J. Do not allow sensitive information to leak outside a trust boundary
Page:
ERR02-J. Prevent exceptions while logging data
Page:
NUM10-J. Do not construct BigDecimal objects from floating-point literals
Page:
IDS08-J. Sanitize untrusted data included in a regular expression
Page:
Rule 12. Thread-Safety Miscellaneous (TSM)
Page:
DCL01-J. Do not reuse public identifiers from the Java Standard Library
Page:
NUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors
Page:
VNA05-J. Ensure atomicity when reading and writing 64-bit values
Page:
FIO14-J. Perform proper cleanup at program termination
Page:
MSC06-J. Do not modify the underlying collection when an iteration is in progress
Page:
NUM09-J. Do not use floating-point variables as loop counters
Page:
SER01-J. Do not deviate from the proper signatures of serialization methods
Page:
TPS01-J. Do not execute interdependent tasks in a bounded thread pool
Page:
TSM03-J. Do not publish partially initialized objects
Page:
MSC02-J. Generate strong random numbers
Page:
Rule 08. Visibility and Atomicity (VNA)
Page:
IDS04-J. Safely extract files from ZipInputStream
Page:
OBJ58-J. Limit the extensibility of classes and methods with invariants
Page:
Rule 14. Serialization (SER)
Page:
OBJ05-J. Do not return references to private mutable class members
Page:
OBJ07-J. Sensitive classes must not let themselves be copied
Page:
ERR03-J. Restore prior object state on method failure
Page:
LCK05-J. Synchronize access to static fields that can be modified by untrusted code
Page:
Rule 02. Expressions (EXP)
Page:
TSM02-J. Do not use background threads during class initialization
Page:
Rule 01. Declarations and Initialization (DCL)
Page:
TPS03-J. Ensure that tasks executing in a thread pool do not fail silently
Page:
MET11-J. Ensure that keys used in comparison operations are immutable
Page:
Rule 09. Locking (LCK)
Page:
THI01-J. Do not invoke ThreadGroup methods
Page:
LCK04-J. Do not synchronize on a collection view if the backing collection is accessible
Page:
SER00-J. Enable serialization compatibility during class evolution
Page:
OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
Page:
Rule 00. Input Validation and Data Sanitization (IDS)
Page:
SER09-J. Do not invoke overridable methods from the readObject() method
Page:
SER12-J. Prevent deserialization of untrusted data
Page:
THI05-J. Do not use Thread.stop() to terminate threads
Page:
MET08-J. Preserve the equality contract when overriding the equals() method
Page:
MSC09-J. For OAuth, ensure (a) [relying party receiving user's ID in last step] is same as (b) [relying party the access token was granted to].
Page:
LCK07-J. Avoid deadlock by requesting and releasing locks in the same order
Page:
THI03-J. Always invoke wait() and await() methods inside a loop
Page:
EXP02-J. Do not use the Object.equals() method to compare two arrays
Page:
MET12-J. Do not use finalizers
Page:
STR02-J. Specify an appropriate locale when comparing locale-dependent data
Page:
IDS11-J. Perform any string modifications before validation
Page:
STR03-J. Do not encode noncharacter data as a string
Page:
MET07-J. Never declare a class method that hides a method declared in a superclass or superinterface
Page:
MET09-J. Classes that define an equals() method must also define a hashCode() method
Page:
ERR04-J. Do not complete abruptly from a finally block
Page:
EXP01-J. Do not use a null in a case where an object is required
Page:
THI04-J. Ensure that threads performing blocking operations can be terminated
Page:
IDS14-J. Do not trust the contents of hidden form fields
Page:
IDS50-J. Use conservative file naming conventions
Page:
EXP06-J. Expressions used in assertions must not produce side effects
Page:
MSC10-J. Do not use OAuth 2.0 implicit grant (unmodified) for authentication
Page:
LCK03-J. Do not synchronize on the intrinsic locks of high-level concurrency objects
Page:
DCL00-J. Prevent class initialization cycles
Page:
NUM11-J. Do not compare or inspect the string representation of floating-point values
Page:
SEC02-J. Do not base security checks on untrusted sources
Page:
IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
Page:
Rule 03. Numeric Types and Operations (NUM)
Page:
STR51-J. Use the charset encoder and decoder classes when more control over the encoding process is required
Page:
TPS04-J. Ensure ThreadLocal variables are reinitialized when using thread pools
Page:
Rule 07. Exceptional Behavior (ERR)
Page:
IDS06-J. Exclude unsanitized user input from format strings
Page:
ENV04-J. Do not disable bytecode verification
Page:
SER05-J. Do not serialize instances of inner classes
Page:
MET10-J. Follow the general contract when implementing the compareTo() method
Page:
JNI03-J. Do not use direct pointers to Java objects in JNI code
Page:
MSC04-J. Do not leak memory
Page:
FIO10-J. Ensure the array is filled when using read() to fill an array
Page:
OBJ11-J. Be wary of letting constructors throw exceptions
Page:
JNI04-J. Do not assume that Java strings are null-terminated
Page:
Rule 17. Java Native Interface (JNI)
Page:
EXP05-J. Do not follow a write by a subsequent write or read of the same object within an expression
Page:
JNI01-J. Safely invoke standard APIs that perform tasks using the immediate caller's class loader instance (loadLibrary)
Page:
FIO05-J. Do not expose buffers or their backing arrays methods to untrusted code
Page:
SER02-J. Sign then seal objects before sending them outside a trust boundary
Page:
FIO12-J. Provide methods to read and write little-endian data
Page:
NUM14-J. Use shift operators correctly
Page:
SEC06-J. Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar
Page:
SER10-J. Avoid memory and resource leaks during serialization
Page:
IDS01-J. Normalize strings before validating them
Page:
SEC04-J. Protect sensitive operations with security manager checks
Page:
ERR07-J. Do not throw RuntimeException, Exception, or Throwable
Page:
THI00-J. Do not invoke Thread.run()
Page:
STR50-J. Use the appropriate method for counting characters in a string
Page:
OBJ01-J. Limit accessibility of fields
Page:
JNI00-J. Define wrappers around native methods
Page:
EXP00-J. Do not ignore values returned by methods
Page:
ERR06-J. Do not throw undeclared checked exceptions
Page:
SEC07-J. Call the superclass's getPermissions() method when writing a custom class loader
Page:
NUM08-J. Check floating-point inputs for exceptional values
Page:
DCL02-J. Do not modify the collection's elements during an enhanced for statement
Page:
IDS16-J. Prevent XML Injection
Page:
LCK11-J. Avoid client-side locking when using classes that do not commit to their locking strategy
Page:
FIO02-J. Detect and handle file-related errors
Page:
Rule 16. Runtime Environment (ENV)
Page:
STR01-J. Do not assume that a Java char fully represents a Unicode code point
Page:
MSC07-J. Prevent multiple instantiations of singleton objects
Page:
NUM00-J. Detect or prevent integer overflow
Page:
ENV01-J. Place all security-sensitive code in a single JAR and sign and seal it
Page:
NUM07-J. Do not attempt comparisons with NaN
Page:
MSC01-J. Do not use an empty infinite loop
Page:
NUM03-J. Use integer types that can fully represent the possible range of unsigned data
Page:
VNA00-J. Ensure visibility when accessing shared primitive variables
Page:
IDS17-J. Prevent XML External Entity Attacks
Page:
Rule. Preface
Page:
SEC58-J. Deserialization methods should not perform potentially dangerous operations
Page:
VNA02-J. Ensure that compound operations on shared variables are atomic
Page:
ENV00-J. Do not sign code that performs only unprivileged operations
Page:
SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields
Page:
NUM04-J. Do not use floating-point numbers if precise computation is required
Page:
VNA04-J. Ensure that calls to chained methods are atomic
Page:
FIO16-J. Canonicalize path names before validating them
Page:
NUM53-J. Use the strictfp modifier for floating-point calculation consistency across platforms
Page:
LCK09-J. Do not perform operations that can block while holding a lock
Page:
ERR09-J. Do not allow untrusted code to terminate the JVM
Page:
FIO06-J. Do not create multiple buffered wrappers on a single byte or character stream
Page:
ENV03-J. Do not grant dangerous combinations of permissions
Page:
FIO07-J. Do not let external processes block on IO buffers
Page:
Rule 06. Methods (MET)
Page:
NUM54-J. Do not use denormalized numbers
Page:
SER03-J. Do not serialize unencrypted sensitive data
Page:
FIO13-J. Do not log sensitive information outside a trust boundary
Page:
FIO08-J. Distinguish between characters or bytes read from a stream and -1
Page:
NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
Page:
MET02-J. Do not use deprecated or obsolete classes or methods
Page:
STR04-J. Use compatible character encodings when communicating string data between JVMs
Page:
TPS02-J. Ensure that tasks submitted to a thread pool are interruptible
Page:
VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
Page:
LCK02-J. Do not synchronize on the class object returned by getClass()
Page:
LCK06-J. Do not use an instance lock to protect shared static data
Page:
LCK01-J. Do not synchronize on objects that may be reused
Page:
FIO15-J. Do not reset a servlet's output stream after committing it
Page:
ENV06-J. Production code must not contain debugging entry points
Page:
ERR01-J. Do not allow exceptions to expose sensitive information
Page:
EXP04-J. Do not pass arguments to certain Java Collections Framework methods that are a different type than the collection parameter type
Page:
MSC00-J. Use SSLSocket rather than Socket for secure data exchange
Page:
Rule 04. Characters and Strings (STR)
Page:
TSM00-J. Do not override thread-safe methods with methods that are not thread-safe
Page:
Java Rules
Page:
THI02-J. Notify all waiting threads rather than a single thread
Page:
MSC05-J. Do not exhaust heap space
Page:
MET05-J. Ensure that constructors do not call overridable methods
Page:
OBJ12-J. Respect object-based annotations
Page:
STR00-J. Don't form strings containing partial characters from variable-width encodings
Page:
LCK10-J. Use a correct form of the double-checked locking idiom
Page:
OBJ06-J. Defensively copy mutable inputs and mutable internal components
Page:
MSC03-J. Never hard code sensitive information
Page:
EXP07-J. Prevent loss of useful data due to weak references
Page:
IDS00-J. Prevent SQL injection
Page:
ERR00-J. Do not suppress or ignore checked exceptions
Page:
Rule 11. Thread Pools (TPS)
Page:
OBJ03-J. Prevent heap pollution
Page:
FIO04-J. Release resources when they are no longer needed
Page:
IDS03-J. Do not log unsanitized user input
Page:
OBJ09-J. Compare classes and not class names
Page:
FIO00-J. Do not operate on files in shared directories
Page:
LCK08-J. Ensure actively held locks are released on exceptional conditions
Page:
MET03-J. Methods that perform a security check must be declared private or final
Page:
NUM01-J. Do not perform bitwise and arithmetic operations on the same data
Page:
OBJ08-J. Do not expose private members of an outer class from within a nested class
Page:
Rule 50. Android (DRD)
Page:
SEC00-J. Do not allow privileged blocks to leak sensitive information across a trust boundary
Page:
OBJ10-J. Do not use public static nonfinal fields
Page:
SEC03-J. Do not load trusted classes after allowing untrusted code to load arbitrary classes
Page:
TPS00-J. Use thread pools to enable graceful degradation of service during traffic bursts
Page:
FIO01-J. Create files with appropriate access permissions
Page:
JNI02-J. Do not assume object references are constant or unique
Page:
ENV05-J. Do not deploy an application that can be remotely monitored
Page:
Rule 13. Input Output (FIO)
Page:
NUM13-J. Avoid loss of precision when converting primitive integers to floating-point
Page:
SER08-J. Minimize privileges before deserializing from a privileged context
Page:
MET04-J. Do not increase the accessibility of overridden or hidden methods
Page:
SER11-J. Prevent overwriting of externalizable objects
Page:
ERR08-J. Do not catch NullPointerException or any of its ancestors
Page:
Rule 15. Platform Security (SEC)
Page:
ENV02-J. Do not trust the values of environment variables
Page:
TSM01-J. Do not let the this reference escape during object construction
Page:
FIO03-J. Remove temporary files before termination
Page:
VNA01-J. Ensure visibility of shared references to immutable objects
Page:
Rule 05. Object Orientation (OBJ)
Page:
MSC11-J. Do not let session information leak within a servlet
Page:
Rule 10. Thread APIs (THI)
Page:
SEC01-J. Do not allow tainted variables in privileged blocks
Page:
FIO09-J. Do not rely on the write() method to output integers outside the range 0 to 255
Page:
LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code
Page:
MET00-J. Validate method arguments
Android (24)
Page:
DRD04-J. Do not log sensitive information
Page:
DRD06. Do not act on malicious intents
Page:
Applicability Test
Page:
DRD10-X. Do not release apps that are debuggable
Page:
DRD08-J. Always canonicalize a URL received by a content provider
Page:
DRD00. Do not store sensitive information on external storage (SD card) unless encrypted first
Page:
DRD13. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)
Page:
DRD17-J. Do not use the Android cryptographic security provider encryption default for AES
Page:
DRD20-C. Specify permissions when creating files via the NDK
Page:
DRD05-J. Do not grant URI permissions on implicit intents
Page:
DRD14-J. Check that a calling app has appropriate permissions before responding
Page:
DRD18. Do not use the default behavior in a cryptographic library if it does not use recommended practices
Page:
DRD09. Restrict access to sensitive activities
Page:
Java Rule 50: Android (DRD)
Page:
Applicable in Principle to Android (Java Rules/Recomendations)
Page:
DRD02-J. Do not allow WebView to access sensitive local resource through file scheme
Page:
DRD15-J. Consider privacy concerns when using Geolocation API
Page:
Unknown Applicability to Android (Java Rules/Recomendations)
Page:
DRD16-X. Explicitly define the exported attribute for private components
Page:
DRD11. Ensure that sensitive data is kept secure
Page:
DRD01-X. Limit the accessibility of an app's sensitive content provider
Page:
DRD07-X. Protect exported services with strong permissions
Page:
DRD03-J. Do not broadcast sensitive information using an implicit intent
Page:
DRD12. Do not trust data that is world writable
CERT Secure Coding (1)
Home page:
SEI CERT Coding Standards
SEI CERT C++ Coding Standard (6)
Page:
CON53-CPP. Avoid deadlock by locking in a predefined order
Page:
CON51-CPP. Ensure actively held locks are released on exceptional conditions
Page:
CON55-CPP. Preserve thread safety and liveness when using condition variables
Page:
CON54-CPP. Wrap functions that can spuriously wake up in a loop
Page:
CTR57-CPP. Provide a valid ordering predicate
Page:
MSC50-CPP. Do not use std::rand() for generating pseudorandom numbers
SEI CERT C Coding Standard (28)
Page:
INT10-C. Do not assume a positive remainder when using the % operator
Page:
STR02-C. Sanitize data passed to complex subsystems
Page:
MSC17-C. Finish every set of statements associated with a case label with a break statement
Page:
PRE04-C. Do not reuse a standard header file name
Page:
FLP02-C. Avoid using floating-point numbers when precise computation is needed
Page:
EXP12-C. Do not ignore values returned by functions
Page:
FLP05-C. Do not use denormalized numbers
Page:
FLP06-C. Convert integers to floating point for floating-point operations
Page:
FIO06-C. Create files with appropriate access permissions
Page:
MSC25-C. Do not use insecure or weak cryptographic algorithms
Page:
MSC06-C. Beware of compiler optimizations
Page:
TODO List
Page:
FLP00-C. Understand the limitations of floating-point numbers
Page:
FIO22-C. Close files before spawning processes
Page:
POS47-C. Do not use threads that can be canceled asynchronously
Page:
FIO21-C. Do not create temporary files in shared directories
Page:
FIO02-C. Canonicalize path names originating from tainted sources
Page:
MSC21-C. Use robust loop termination conditions
Page:
ENV03-C. Sanitize the environment when invoking external programs
Page:
MSC09-C. Character encoding: Use subset of ASCII for safety
Page:
FLP04-C. Check floating-point inputs for exceptional values
Page:
MEM11-C. Do not assume infinite heap space
Page:
CON07-C. Ensure that compound operations on shared variables are atomic
Page:
ERR04-C. Choose an appropriate termination strategy
Page:
INT14-C. Avoid performing bitwise and arithmetic operations on the same data
Page:
EXP15-C. Do not place a semicolon on the same line as an if, for, or while statement
Page:
MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
Page:
INT09-C. Ensure enumeration constants map to unique values
Hierarchy
Children (6)
Page:
1 Front Matter
Page:
2 Rules
Page:
3 Recommendations
Page:
4 Back Matter
Page:
5 Admin
Page:
7 Index
Labels
Global Labels (1)
wikimain
Recent Changes
Time
Editor
Jun 11, 2018 16:47
Robert Schiela
View Changes
Corrected "Create a sign-in account" link
Mar 22, 2018 10:45
Robert Schiela
View Changes
Updated SCALe link after cert.org moved to sei.cmu.edu
Nov 06, 2017 11:53
Robert Schiela
View Changes
Changed notice to be macro.
Nov 05, 2017 17:30
Robert Schiela
View Changes
Changed Maintenance Notice to reference a page rather than have all of the information.
Oct 24, 2017 21:10
Robert Schiela
updated maintenance notice and changed page layout.
View Page History
Outgoing Links
External Links (5)
www.cert.org/secure-coding/contact.cfm
https://resources.sei.cmu.edu/library/asset-view.cfm?asseti…
www.informit.com/store/cert-oracle-secure-coding-standard-f…
www.informit.com/store/java-coding-guidelines-75-recommenda…
https://wiki.sei.cmu.edu/confluence/signup.action
SEI CERT Oracle Coding Standard for Java (2)
Page:
Acknowledgments
Home page:
SEI CERT Oracle Coding Standard for Java
CERT Secure Coding (2)
Page:
Secure Coding Space Homepage Notices
Page:
Understand the Difference Between Rules and Recommendations
Overview
Content Tools
{"serverDuration": 123, "requestCorrelationId": "6e21985f51204be1"}