Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

49. Miscellaneous (MSC)

Created by Dhruv Mohindra, last modified by Fred Long on Aug 12, 2009

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Recommendations

MSC00-J. Eliminate class initialization cycles

MSC01-J. Avoid memory leaks

MSC02-J. Reserved (moved to ENV01-J)

MSC03-J. Reserved (moved to ENV02-J)

MSC04-J. Reserved (moved to ENV03-J)

MSC05-J. Reserved (moved to MSC38-J)

MSC02-J. Avoid cyclic dependencies between packages

MSC03-J. Prefer using URIs to URLs

MSC04-J. Prefer using Iterators over Enumerations

MSC05-J. Carefully design interfaces before releasing them

MSC06-J. Avoid mixing generic and non-generic code if possible

MSC07-J. Library methods should validate their parameters

MSC12-J. Limit the lifetime of sensitive data

MSC08-J. Finish every set of statements associated with a case label with a break statement

Rules

MSC30-J. Generate truly random numbers

MSC31-J. Never hardcode sensitive information

MSC32-J. Reserved (moved to ENV35-J)

MSC32-J. Prevent OS Command Injection

MSC33-J. Prevent against SQL Injection

MSC36-J. Understand how escape characters are interpreted when String literals are compiled

MSC34-J. Prevent XML Injection

MSC35-J. Prevent XPath Injection

MSC37-J. Make sensitive classes noncloneable

MSC38-J. Do not modify the underlying collection when an iteration is in progress

Risk Assessment Summary

Recommendations

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
MSC00-J	low	unlikely	medium	P2	L3
MSC01-J	low	unlikely	high	P1	L3
MSC02-J	low	unlikely	medium	P2	L3
MSC03-J	medium	probable	medium	P8	L2
MSC04-J	high	probable	low	P18	L1
MSC05-J	medium	probable	medium	P18	L1
MSC06-J	TODO	TODO	TODO	TODO	TODO
MSC07-J	medium	unlikely	medium	P4	L3
MSC08-J	low	unlikely	medium	P2	L3
MSC011-J	medium	unlikely	high	P2	L3

Rules

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
MSC30-J	medium	unlikely	medium	P4	L3
MSC35-J	medium	unlikely	high	P2	L3

EXC31-J. Handle checked exceptions that can be thrown within a finally block The CERT Sun Microsystems Secure Coding Standard for Java MSC00-J. Eliminate class initialization cycles

No labels