Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

06. Input Output (FIO)

Created by Fred Long, last modified by Dhruv Mohindra on Jul 27, 2008

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Recommendations

FIO00-A. Validate deserialized objects

FIO01-A. Canonicalize path names originating from untrusted sources

FIO02-A. Use Runtime.exec() correctly

FIO02-A. Prevent exceptions while logging data

Rules

FIO30-C. Validate user input

FIO31-C. Create a copy of mutable inputs

FIO32-C. Do not serialize sensitive data

FIO33-C. Do not allow serialization and deserialization to bypass the Security Manager

FIO34-C. Ensure all resources are properly closed when they are no longer needed

FIO35-C. Exclude user input from format strings

Risk Assessment Summary

Recommendations

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
FIO00-A	1 (low)	1 (unlikely)	2 (medium)	P2	L3

Rules

Rules	Severity	Likelihood	Remediation Cost	Priority	Level
FIO30-C	1 (low)	1 (unlikely)	2 (medium)	P2	L3

No labels