Recommendations
FIO00-J. Canonicalize path names originating from untrusted sources
FIO01-J. Do not let Runtime.exec() fail or block indefinitely
FIO02-J. Keep track of bytes read and account for character encoding while reading data
FIO03-J. Specify the character encoding while performing file or network IO
Rules
FIO30-J. Do not log sensitive information
FIO31-J. Defensively copy mutable inputs and mutable internal components
FIO32-J. Ensure all resources are properly closed when they are no longer needed
FIO33-J. Exclude user input from format strings
FIO34-J. Create and delete temporary files safely
FIO35-J. Always validate user input
FIO36-J. Do not create multiple buffered wrappers on an InputStream
FIO37-J. Do not expose buffers created using the wrap() or duplicate() methods to untrusted code
FIO38-J. Do not use file locks for arbitrating file access at the thread level
Risk Assessment Summary
Recommendations
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| FIO00-J | medium | unlikely | medium | P4 | L3 |
| FIO01-J | low | probable | medium | P4 | L3 |
| FIO02-J | low | unlikely | medium | P2 | L3 |
| FIO03-J | low | unlikely | medium | P2 | L3 |
Rules
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO30-J | medium | probable | high | P4 | L3 |
| FIO31-J | medium | probable | high | P4 | L3 |
| FIO32-J | low | probable | medium | P4 | L3 |
| FIO33-J | medium | unlikely | medium | P4 | L3 |
| FIO34-J | medium | probable | high | P4 | L3 |
| FIO36-J | low | unlikely | medium | P2 | L3 |