Recommendations
MET00-J. Understand the difference between overriding and hiding
MET01-J. Follow good design principles while defining methods
MET02-J. Avoid ambiguous uses of overloading
MET04-J. Always provide feedback about the resulting value of a method
MET05-J. Validate method parameters
MET06-J. Methods that perform a security check must be declared private or final
Rules
MET30-J. Follow the general contract while overriding the equals method
MET31-J. Ensure that hashCode() is overridden when equals() is overridden
MET32-J. Ensure that constructors do not call overridable methods
MET33-J. Do not subject overloaded methods to polymorphic invocations
MET34-J. Follow the general contract when implementing the compareTo method
MET35-J. Ensure that the clone method calls super.clone
MET36-J. Do not use deprecated or obsolete methods
MET37-J. Do not call overridable methods from a privileged block
MET38-J. Do not invoke overridable methods on the clone under construction
MET39-J. Do not use the clone method to copy untrusted method parameters
Risk Assessment Summary
Recommendations
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MET00-J | low | unlikely | medium | P2 | L3 |
| MET01-J | low | unlikely | high | P1 | L3 |
| MET02-J | low | unlikely | high | P1 | L3 |
| MET03-J | low | unlikely | high | P1 | L3 |
| MET04-J | medium | probable | medium | P8 | L2 |
| MET05-J | medium | probable | medium | P8 | L2 |
| MET06-J | medium | probable | medium | P8 | L2 |
Rules
| Rules | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MET30-J | low | unlikely | medium | P2 | L3 |
| MET31-J | low | unlikely | high | P1 | L3 |
| MET32-J | medium | probable | medium | P8 | L2 |
| MET33-J | low | unlikely | high | P1 | L3 |
| MET34-J | medium | unlikely | medium | P4 | L3 |
| MET36-J | high | likely | medium | P18 | L1 |
| MET37-J | high | probable | medium | P12 | L1 |
| MET38-J | medium | probable | low | P12 | L1 |
| MET39-J | high | likely | low | P27 | L1 |
The CERT Sun Microsystems Secure Coding Standard for Java