Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

09. Input Output (FIO)

Created by Fred Long, last modified by Pennie Walters on Nov 19, 2009

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Guidelines

FIO00-J. Canonicalize path names before validating

FIO01-J. Do not let Runtime.exec() fail or block indefinitely

FIO02-J. Keep track of bytes read and account for character encoding while reading data

FIO03-J. Specify the character encoding while performing file or network IO

FIO30-J. Do not log sensitive information

FIO00-J. Defensively copy mutable inputs and mutable internal components

FIO32-J. Ensure all resources are properly closed when they are no longer needed

FIO33-J. Exclude user input from format strings

FIO34-J. Do not create temporary files in shared directories

FIO35-J. Reserved (moved to SDV00)

FIO36-J. Do not create multiple buffered wrappers on an InputStream

FIO37-J. Do not expose buffers created using the wrap() or duplicate() methods to untrusted code

Risk Assessment Summary

Recommendations

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
FIO00- J	medium	unlikely	medium	P4	L3
FIO01- J	low	probable	medium	P4	L3
FIO02- J	low	unlikely	medium	P2	L3
FIO03- J	low	unlikely	medium	P2	L3

Rules

Rules	Severity	Likelihood	Remediation Cost	Priority	Level
FIO30- J	medium	probable	high	P4	L3
FIO31- J	medium	probable	high	P4	L3
FIO32- J	low	probable	medium	P4	L3
FIO33- J	medium	unlikely	medium	P4	L3
FIO34- J	high	probable	medium	P12	L1
FIO36- J	low	unlikely	medium	P2	L3
FIO37- J	medium	likely	low	P18	L1

OBJ09-J. Immutable classes must prohibit extension The CERT Sun Microsystems Secure Coding Standard for Java FIO00-J. Canonicalize path names before validating

No labels