SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 54 Current »

This page was automatically generated and should not be edited.

The information on this page was provided by outside contributors and has not been verified by SEI CERT.

The table below can be re-ordered, by clicking column headers.

Tool Version: 2025.2

Checker

Guideline

CMP.CLASS OBJ09-J. Compare classes and not class names
CMP.OBJ EXP03-J. Do not use the equality operators when comparing values of boxed primitives
EHC.EQ MET09-J. Classes that define an equals() method must also define a hashCode() method
EHC.HASH MET09-J. Classes that define an equals() method must also define a hashCode() method
EXC.BROADTHROWS ERR07-J. Do not throw RuntimeException, Exception, or Throwable
FIN.EMPTY MET12-J. Do not use finalizers
FIN.NOSUPER MET12-J. Do not use finalizers
JAVA.ASSERT.ARG MET01-J. Never use assertions to validate method arguments
JAVA.BIGDEC.FLOAT NUM10-J. Do not construct BigDecimal objects from floating-point literals
JAVA.COMPARE.NAN NUM07-J. Do not attempt comparisons with NaN
JAVA.CTOR.EXCEPT OBJ11-J. Be wary of letting constructors throw exceptions
JAVA.DEBUG.ENTRY ENV06-J. Production code must not contain debugging entry points
JAVA.FINAL.STATIC.VAR OBJ11-J. Be wary of letting constructors throw exceptions
JAVA.INF.LOOP.EMPTY MSC01-J. Do not use an empty infinite loop
JAVA.LOOP.CTR.FLOAT NUM09-J. Do not use floating-point variables as loop counters
JAVA.NATIVE.PUBLIC JNI00-J. Define wrappers around native methods
JAVA.SERIALIZE.INNER SER05-J. Do not serialize instances of inner classes
JAVA.SV.XML.INVALID IDS16-J. Prevent XML Injection
JAVA.WAIT.IN.LOOP THI03-J. Always invoke wait() and await() methods inside a loop
JD.CATCH ERR08-J. Do not catch NullPointerException or any of its ancestors
JD.EQ.ARR EXP02-J. Do not use the Object.equals() method to compare two arrays
JD.FINRET ERR04-J. Do not complete abruptly from a finally block
JD.LOCK.NOTIFY LCK09-J. Do not perform operations that can block while holding a lock
JD.LOCK.SLEEP LCK09-J. Do not perform operations that can block while holding a lock
JD.LOCK.WAIT LCK09-J. Do not perform operations that can block while holding a lock
JD.SYNC.DCL LCK10-J. Use a correct form of the double-checked locking idiom
JD.UMC.FINALIZE MET12-J. Do not use finalizers
JD.UMC.RUNFIN MET12-J. Do not use finalizers
JD.UNCAUGHT ERR05-J. Do not let checked exceptions escape from a finally block
JD.UNMOD DCL02-J. Do not modify the collection's elements during an enhanced for statement
NPE.COND EXP01-J. Do not use a null in a case where an object is required
NPE.CONST EXP01-J. Do not use a null in a case where an object is required
NPE.RET EXP01-J. Do not use a null in a case where an object is required
NPE.RET.UTIL EXP01-J. Do not use a null in a case where an object is required
NPE.STAT EXP01-J. Do not use a null in a case where an object is required
REDUN.EQNULL EXP01-J. Do not use a null in a case where an object is required
RI.IGNOREDCALL EXP00-J. Do not ignore values returned by methods
RR.IGNORED EXP00-J. Do not ignore values returned by methods
SV.DATA.DB IDS00-J. Prevent SQL injection
SV.EXEC IDS06-J. Exclude unsanitized user input from format strings
SV.EXEC IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
SV.EXEC.DIR IDS06-J. Exclude unsanitized user input from format strings
SV.EXEC.DIR IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
SV.EXEC.ENV IDS06-J. Exclude unsanitized user input from format strings
SV.EXEC.ENV IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
SV.EXEC.LOCAL IDS06-J. Exclude unsanitized user input from format strings
SV.EXEC.LOCAL IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
SV.EXEC.PATH IDS06-J. Exclude unsanitized user input from format strings
SV.EXEC.PATH IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
SV.EXPOSE.FIELD OBJ01-J. Limit accessibility of fields
SV.EXPOSE.FIELD OBJ10-J. Do not use public static nonfinal fields
SV.EXPOSE.FIN MET12-J. Do not use finalizers
SV.EXPOSE.IFIELD OBJ01-J. Limit accessibility of fields
SV.EXPOSE.MUTABLEFIELD OBJ01-J. Limit accessibility of fields
SV.EXPOSE.RET OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SV.EXPOSE.RET OBJ05-J. Do not return references to private mutable class members
SV.EXPOSE.STORE OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SV.EXPOSE.STORE OBJ05-J. Do not return references to private mutable class members
SV.HTTP_SPLIT ERR03-J. Restore prior object state on method failure
SV.IL.DEV ERR01-J. Do not allow exceptions to expose sensitive information
SV.INT_OVF NUM00-J. Detect or prevent integer overflow
SV.SHARED.VAR VNA00-J. Ensure visibility when accessing shared primitive variables
SV.SHARED.VAR VNA01-J. Ensure visibility of shared references to immutable objects
SV.SHARED.VAR VNA02-J. Ensure that compound operations on shared variables are atomic
SV.SHARED.VAR LCK05-J. Synchronize access to static fields that can be modified by untrusted code
SV.SQL IDS00-J. Prevent SQL injection
SV.SQL.DBSOURCE IDS00-J. Prevent SQL injection
SV.SSRF.URI ERR03-J. Restore prior object state on method failure
SV.STRUTS.PRIVATE OBJ01-J. Limit accessibility of fields
SV.STRUTS.STATIC OBJ01-J. Limit accessibility of fields
SV.STRUTS.STATIC OBJ10-J. Do not use public static nonfinal fields
SV.TAINT IDS01-J. Normalize strings before validating them
SV.TAINT_NATIVE IDS01-J. Normalize strings before validating them
SV.UMC.EXIT ERR09-J. Do not allow untrusted code to terminate the JVM
SV.XSS.DB IDS01-J. Normalize strings before validating them
SV.XSS.REF IDS01-J. Normalize strings before validating them
SV.XXE.DBF IDS17-J. Prevent XML External Entity Attacks
SV.XXE.SF IDS17-J. Prevent XML External Entity Attacks
SV.XXE.SPF IDS17-J. Prevent XML External Entity Attacks
SV.XXE.TF IDS17-J. Prevent XML External Entity Attacks
SV.XXE.XIF IDS17-J. Prevent XML External Entity Attacks
SV.XXE.XRF IDS17-J. Prevent XML External Entity Attacks
SVLOG_FORGING IDS03-J. Do not log unsanitized user input
UMC.EXIT ERR09-J. Do not allow untrusted code to terminate the JVM
  • No labels