
This page was automatically generated and should not be edited.

The information on this page was provided by outside contributors and has not been verified by SEI CERT.

Tool Version: 9.0p0

| Checker | Guideline |
|---|---|
| AVA.LIB.RAND.LEGACY.GEN | MSC02-J. Generate strong random numbers |
| FB.BAD_PRACTICE.FI_EMPTY | MET12-J. Do not use finalizers |
| FB.BAD_PRACTICE.FI_EXPLICIT_INVOCATION | MET12-J. Do not use finalizers |
| FB.BAD_PRACTICE.FI_FINALIZER_NULLS_FIELDS | MET12-J. Do not use finalizers |
| FB.BAD_PRACTICE.FI_FINALIZER_ONLY_NULLS_FIELDS | MET12-J. Do not use finalizers |
| FB.BAD_PRACTICE.FI_MISSING_SUPER_CALL | MET12-J. Do not use finalizers |
| FB.BAD_PRACTICE.FI_NULLIFY_SUPER | MET12-J. Do not use finalizers |
| FB.BAD_PRACTICE.FI_USELESS | MET12-J. Do not use finalizers |
| FB.MALICIOUS_CODE.EI_EXPOSE_REP | OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code |
| FB.MALICIOUS_CODE.EI_EXPOSE_REP2 | OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code |
| FB.MALICIOUS_CODE.FI_PUBLIC_SHOULD_BE_PROTECTED | MET12-J. Do not use finalizers |
| FB.MALICIOUS_CODE.MS_SHOULD_BE_FINAL | OBJ10-J. Do not use public static nonfinal fields |
| FB.MALICIOUS_CODE.MS_SHOULD_BE_REFACTORED_TO_BE_FINAL | OBJ10-J. Do not use public static nonfinal fields |
| FB.MT_CORRECTNESS.IS2_INCONSISTENT_SYNC | VNA02-J. Ensure that compound operations on shared variables are atomic |
| FB.MT_CORRECTNESS.IS_FIELD_NOT_GUARDED | VNA02-J. Ensure that compound operations on shared variables are atomic |
| FB.MT_CORRECTNESS.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE | VNA02-J. Ensure that compound operations on shared variables are atomic |
| FB.MT_CORRECTNESS.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE | VNA02-J. Ensure that compound operations on shared variables are atomic |
| FB.MT_CORRECTNESS.STCAL_STATIC_CALENDAR_INSTANCE | VNA02-J. Ensure that compound operations on shared variables are atomic |
| FB.MT_CORRECTNESS.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE | VNA02-J. Ensure that compound operations on shared variables are atomic |
| JAVA.ALLOC.LEAK.NOTCLOSED | FIO04-J. Release resources when they are no longer needed |
| JAVA.ALLOC.LEAK.NOTSTORED | FIO04-J. Release resources when they are no longer needed |
| JAVA.ALLOC.LEAK.NOTSTORED | SER10-J. Avoid memory and resource leaks during serialization |
| JAVA.ALLOC.LEAK.NOTSTORED | MSC05-J. Do not exhaust heap space |
| JAVA.ARITH.FPEQUAL | NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data |
| JAVA.ARITH.OFLOW | NUM00-J. Detect or prevent integer overflow |
| JAVA.CAST.FTRUNC | NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data |
| JAVA.CAST.FTRUNC | NUM13-J. Avoid loss of precision when converting primitive integers to floating-point |
| JAVA.CLASS.ACCESS.BYPASS | SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields |
| JAVA.CLASS.ACCESS.MODIFY | SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields |
| JAVA.CLASS.CLONE.CNC | OBJ07-J. Sensitive classes must not let themselves be copied |
| JAVA.CLASS.CLONE.NF | OBJ07-J. Sensitive classes must not let themselves be copied |
| JAVA.CLASS.CLONE.SCNC | OBJ07-J. Sensitive classes must not let themselves be copied |
| JAVA.CLASS.ICSBS | OBJ08-J. Do not expose private members of an outer class from within a nested class |
| JAVA.CLASS.MCS | MET10-J. Follow the general contract when implementing the compareTo() method |
| JAVA.CLASS.SER.ND | SER01-J. Do not deviate from the proper signatures of serialization methods |
| JAVA.CLASS.SER.ND | SER03-J. Do not serialize unencrypted sensitive data |
| JAVA.CLASS.SER.ND | SER06-J. Make defensive copies of private mutable components during deserialization |
| JAVA.CLASS.SER.ND | SER07-J. Do not use the default serialized form for classes with implementation-defined invariants |
| JAVA.CLASS.SER.ND | SER12-J. Prevent deserialization of untrusted data |
| JAVA.CLASS.SER.UIDM | SER00-J. Enable serialization compatibility during class evolution |
| JAVA.CLASS.UI | SER10-J. Avoid memory and resource leaks during serialization |
| JAVA.CLASS.UI | MSC05-J. Do not exhaust heap space |
| JAVA.COMPARE.CTO.ASSYM | MET08-J. Preserve the equality contract when overriding the equals() method |
| JAVA.COMPARE.EMPTYSTR | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| JAVA.COMPARE.EQ | EXP02-J. Do not use the Object.equals() method to compare two arrays |
| JAVA.COMPARE.EQ | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| JAVA.COMPARE.EQARRAY | EXP02-J. Do not use the Object.equals() method to compare two arrays |
| JAVA.COMPARE.EQARRAY | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| JAVA.CONCURRENCY.LOCK.DCL | LCK10-J. Use a correct form of the double-checked locking idiom |
| JAVA.CONCURRENCY.LOCK.ICS | VNA00-J. Ensure visibility when accessing shared primitive variables |
| JAVA.CONCURRENCY.LOCK.ISTR | LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code |
| JAVA.CONCURRENCY.LOCK.SCTB | THI00-J. Do not invoke Thread.run() |
| JAVA.CONCURRENCY.LOCK.STATIC | VNA00-J. Ensure visibility when accessing shared primitive variables |
| JAVA.CONCURRENCY.STARVE.BLOCKING | LCK09-J. Do not perform operations that can block while holding a lock |
| JAVA.CONCURRENCY.SYNC.MSS | VNA00-J. Ensure visibility when accessing shared primitive variables |
| JAVA.CONCURRENCY.UG.FIELD | VNA00-J. Ensure visibility when accessing shared primitive variables |
| JAVA.CONCURRENCY.UG.METH | LCK05-J. Synchronize access to static fields that can be modified by untrusted code |
| JAVA.CONCURRENCY.UG.PARAM | VNA00-J. Ensure visibility when accessing shared primitive variables |
| JAVA.CONCURRENCY.VOLATILE | VNA00-J. Ensure visibility when accessing shared primitive variables |
| JAVA.CONCURRENCY.VOLATILE | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
| JAVA.CRYPTO.BASE64 | MSC02-J. Generate strong random numbers |
| JAVA.CRYPTO.RA | MSC02-J. Generate strong random numbers |
| JAVA.CRYPTO.RCF | MSC02-J. Generate strong random numbers |
| JAVA.CRYPTO.RF | MSC02-J. Generate strong random numbers |
| JAVA.CRYPTO.WHAF | MSC02-J. Generate strong random numbers |
| JAVA.DEBUG.CALL | ERR09-J. Do not allow untrusted code to terminate the JVM |
| JAVA.DEBUG.LOG | ERR02-J. Prevent exceptions while logging data |
| JAVA.DEBUG.MEDF | ENV06-J. Production code must not contain debugging entry points |
| JAVA.DEEPNULL.DEREF | EXP01-J. Do not use a null in a case where an object is required |
| JAVA.DEEPNULL.EFIELD | EXP01-J. Do not use a null in a case where an object is required |
| JAVA.DEEPNULL.FIELD | EXP01-J. Do not use a null in a case where an object is required |
| JAVA.DEEPNULL.PARAM.ACTUAL | EXP01-J. Do not use a null in a case where an object is required |
| JAVA.DEEPNULL.PARAM.EACTUAL | EXP01-J. Do not use a null in a case where an object is required |
| JAVA.DEEPNULL.RET.EMETH | EXP01-J. Do not use a null in a case where an object is required |
| JAVA.DEEPNULL.RET.METH | EXP01-J. Do not use a null in a case where an object is required |
| JAVA.FUNCS.IRV | EXP00-J. Do not ignore values returned by methods |
| JAVA.FUNCS.IRV | FIO02-J. Detect and handle file-related errors |
| JAVA.HARDCODED.PASSWD | MSC03-J. Never hard code sensitive information |
| JAVA.HARDCODED.SEED | MSC02-J. Generate strong random numbers |
| JAVA.IDEF.CTOEQ | MET08-J. Preserve the equality contract when overriding the equals() method |
| JAVA.IDEF.CTONOEQ | MET08-J. Preserve the equality contract when overriding the equals() method |
| JAVA.IDEF.EQUALSNOHC | MET09-J. Classes that define an equals() method must also define a hashCode() method |
| JAVA.IDEF.HCNOEQUALS | MET09-J. Classes that define an equals() method must also define a hashCode() method |
| JAVA.IDEF.NOEQUALS | MET08-J. Preserve the equality contract when overriding the equals() method |
| JAVA.INSEC.LDAP.POISON | ENV01-J. Place all security-sensitive code in a single JAR and sign and seal it |
| JAVA.IO.INJ.ANDROID.MESSAGE | SER02-J. Sign then seal objects before sending them outside a trust boundary |
| JAVA.IO.INJ.ANDROID.MESSAGE | SEC06-J. Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar |
| JAVA.IO.INJ.CODE | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.INJ.COMMAND | IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method |
| JAVA.IO.INJ.COMMAND | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.INJ.DENIAL | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.INJ.DLL | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.INJ.SQL | IDS00-J. Prevent SQL injection |
| JAVA.IO.INJ.SQL | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.INJ.XSS | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.PERM | FIO01-J. Create files with appropriate access permissions |
| JAVA.IO.PERM | SEC01-J. Do not allow tainted variables in privileged blocks |
| JAVA.IO.PERM | ENV03-J. Do not grant dangerous combinations of permissions |
| JAVA.IO.PERM.ACCESS | FIO01-J. Create files with appropriate access permissions |
| JAVA.IO.PERM.ACCESS | SEC01-J. Do not allow tainted variables in privileged blocks |
| JAVA.IO.TAINT.ADDR | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.BUNDLE | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.CONTROL | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.DEVICE | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.EVAL | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.HTTP | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.LDAP.ATTR | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.LDAP.FILTER | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.LOG | IDS03-J. Do not log unsanitized user input |
| JAVA.IO.TAINT.LOG | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.MESSAGE | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.MESSAGE | SER02-J. Sign then seal objects before sending them outside a trust boundary |
| JAVA.IO.TAINT.MESSAGE | SEC06-J. Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar |
| JAVA.IO.TAINT.PATH | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.REFLECTION | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.REGEX | IDS08-J. Sanitize untrusted data included in a regular expression |
| JAVA.IO.TAINT.REGEX | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.RESOURCE | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.SESSION | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.TRUSTED | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.URL | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.XAML | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.XML | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.IO.TAINT.XPATH | IDS14-J. Do not trust the contents of hidden form fields |
| JAVA.LIB.RAND.FUNC | MSC02-J. Generate strong random numbers |
| JAVA.MATH.ABSRAND | NUM00-J. Detect or prevent integer overflow |
| JAVA.MATH.APPROX.E | NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data |
| JAVA.MATH.APPROX.PI | NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data |
| JAVA.MISC.SD.EXT | MSC03-J. Never hard code sensitive information |
| JAVA.NULL.DEREF | EXP01-J. Do not use a null in a case where an object is required |
| JAVA.NULL.PARAM.ACTUAL | EXP01-J. Do not use a null in a case where an object is required |
| JAVA.NULL.RET.ARRAY | EXP01-J. Do not use a null in a case where an object is required |
| JAVA.NULL.RET.BOOL | EXP01-J. Do not use a null in a case where an object is required |
| JAVA.NULL.RET.OPT | EXP01-J. Do not use a null in a case where an object is required |
| JAVA.NULL.RET.UNCHECKED | EXP00-J. Do not ignore values returned by methods |
| JAVA.NULL.RET.UNCHECKED | FIO09-J. Do not rely on the write() method to output integers outside the range 0 to 255 |
| JAVA.STRUCT.DUPD | EXP01-J. Do not use a null in a case where an object is required |
| JAVA.STRUCT.EXCP.BROAD | ERR07-J. Do not throw RuntimeException, Exception, or Throwable |
| JAVA.STRUCT.EXCP.EEH | ERR00-J. Do not suppress or ignore checked exceptions |
| JAVA.STRUCT.EXCP.GEH | ERR08-J. Do not catch NullPointerException or any of its ancestors |
| JAVA.STRUCT.EXCP.INAPP | ERR08-J. Do not catch NullPointerException or any of its ancestors |
| JAVA.STRUCT.SE.ASSERT | EXP06-J. Expressions used in assertions must not produce side effects |
| JAVA.STRUCT.UA | DCL00-J. Prevent class initialization cycles |
| JAVA.STRUCT.UA.DEFAULT | DCL00-J. Prevent class initialization cycles |
| JAVA.STRUCT.UPD | EXP01-J. Do not use a null in a case where an object is required |
| JAVA.STRUCT.UPED | EXP01-J. Do not use a null in a case where an object is required |