Checker | Guideline |
|---|
| ATOMICITY | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
| BAD_EQ | IDS02-J. Canonicalize path names before validating them |
| BAD_EQ | EXP02-J. Use the two-argument Arrays.equals() method to compare the contents of arrays |
| BAD_EQ | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| BAD_SHIFT | NUM00-J. Detect or prevent integer overflow |
| CALL_SUPER | MET12-J. Do not use finalizers |
| CHECKED_RETURN | EXP00-J. Do not ignore values returned by methods |
| CHECKED_RETURN | FIO09-J. Do not rely on the write() method to output integers outside the range 0 to 255 |
| CONFIG | MSC03-J. Never hard code sensitive information |
| DC.CODING_STYLE | ERR09-J. Do not allow untrusted code to terminate the JVM |
| DC.THREADING | MET12-J. Do not use finalizers |
| DC.THREADING.thread_run | THI00-J. Do not invoke Thread.run() |
| DIVIDE_BY_ZERO | NUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors |
| DOUBLE_CHECK_LOCK | LCK10-J. Do not use incorrect forms of the double-checked locking idiom |
| FB.BC_NULL_INSTANCEOF | EXP01-J. Never dereference null pointers |
| FB.DC_DOUBLECHECK | LCK10-J. Do not use incorrect forms of the double-checked locking idiom |
| FB.DMI_CONSTANT_DB_ PASSWORD | MSC03-J. Never hard code sensitive information |
| FB.DMI_EMPTY_DB_PASSWORD | MSC03-J. Never hard code sensitive information |
| FB.DM_EXIT | ERR09-J. Do not allow untrusted code to terminate the JVM |
| FB.EI_EXPOSE_REP | OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code |
| FB.EI_EXPOSE_REP2 | OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code |
| FB.EQ_ABSTRACT_SELF | EXP02-J. Use the two-argument Arrays.equals() method to compare the contents of arrays |
| FB.EQ_ABSTRACT_SELF | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| FB.EQ_ALWAYS_FALSE | EXP02-J. Use the two-argument Arrays.equals() method to compare the contents of arrays |
| FB.EQ_ALWAYS_FALSE | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| FB.EQ_ALWAYS_TRUE | EXP02-J. Use the two-argument Arrays.equals() method to compare the contents of arrays |
| FB.EQ_ALWAYS_TRUE | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| FB.EQ_CHECK_FOR_OPERAND_NOT_ COMPATIBLE_WITH_THIS | EXP02-J. Use the two-argument Arrays.equals() method to compare the contents of arrays |
| FB.EQ_CHECK_FOR_OPERAND_NOT_ COMPATIBLE_WITH_THIS | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| FB.EQ_COMPARETO_USE_OBJECT_ EQUALS | EXP02-J. Use the two-argument Arrays.equals() method to compare the contents of arrays |
| FB.EQ_COMPARETO_USE_OBJECT_ EQUALS | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| FB.EQ_COMPARING_CLASS_NAMES | EXP02-J. Use the two-argument Arrays.equals() method to compare the contents of arrays |
| FB.EQ_COMPARING_CLASS_NAMES | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| FB.EQ_DOESNT_OVERRIDE_EQUALS | EXP02-J. Use the two-argument Arrays.equals() method to compare the contents of arrays |
| FB.EQ_DOESNT_OVERRIDE_EQUALS | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| FB.EQ_DONT_DEFINE_EQUALS_ FOR_ENUM | EXP02-J. Use the two-argument Arrays.equals() method to compare the contents of arrays |
| FB.EQ_DONT_DEFINE_EQUALS_ FOR_ENUM | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| FB.EQ_GETCLASS_AND_CLASS_ CONSTANT | EXP02-J. Use the two-argument Arrays.equals() method to compare the contents of arrays |
| FB.EQ_GETCLASS_AND_CLASS_ CONSTANT | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| FB.EQ_OTHER_NO_OBJECT | EXP02-J. Use the two-argument Arrays.equals() method to compare the contents of arrays |
| FB.EQ_OTHER_NO_OBJECT | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| FB.EQ_OTHER_USE_OBJECT | EXP02-J. Use the two-argument Arrays.equals() method to compare the contents of arrays |
| FB.EQ_OTHER_USE_OBJECT | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| FB.EQ_OVERRIDING_EQUALS_ NOT_SYMMETRIC | EXP02-J. Use the two-argument Arrays.equals() method to compare the contents of arrays |
| FB.EQ_OVERRIDING_EQUALS_ NOT_SYMMETRIC | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| FB.EQ_SELF_NO_OBJECT | EXP02-J. Use the two-argument Arrays.equals() method to compare the contents of arrays |
| FB.EQ_SELF_NO_OBJECT | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| FB.EQ_SELF_USE_OBJECT | EXP02-J. Use the two-argument Arrays.equals() method to compare the contents of arrays |
| FB.EQ_SELF_USE_OBJECT | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| FB.EQ_UNUSUAL | EXP02-J. Use the two-argument Arrays.equals() method to compare the contents of arrays |
| FB.EQ_UNUSUAL | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| FB.ES_COMPARING_PARAMETER_ STRING_WITH_EQ | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| FB.ES_COMPARING_PARAMETER_ STRING_WITH_EQ | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| FB.ES_COMPARING_STRINGS_ WITH_EQ | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
| FB.FI_EMPTY | MET12-J. Do not use finalizers |
| FB.FI_EXPLICIT_INVOCATION | MET12-J. Do not use finalizers |
| FB.FI_FINALIZER_NULLS_FIELDS | MET12-J. Do not use finalizers |
| FB.FI_FINALIZER_ONLY_NULLS_FIELDS | MET12-J. Do not use finalizers |
| FB.FI_MISSING_SUPER_CALL | MET12-J. Do not use finalizers |
| FB.FI_NULLIFY_SUPER | MET12-J. Do not use finalizers |
| FB.FI_PUBLIC_SHOULD_BE_ PROTECTED | MET12-J. Do not use finalizers |
| FB.FI_USELESS | MET12-J. Do not use finalizers |
| FB.IS2_INCONSISTENT_SYNC | VNA02-J. Ensure that compound operations on shared variables are atomic |
| FB.IS2_INCONSISTENT_SYNC | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
| FB.IS_FIELD_NOT_GUARDED | VNA02-J. Ensure that compound operations on shared variables are atomic |
| FB.IS_FIELD_NOT_GUARDED | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
| FB.IS_INCONSISTENT_SYNC | VNA02-J. Ensure that compound operations on shared variables are atomic |
| FB.IS_INCONSISTENT_SYNC | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
| FB.LI_LAZY_INIT_STATIC | MSC07-J. Prevent multiple instantiations of singleton objects |
| FB.LI_LAZY_INIT_UPDATE_STATIC | MSC07-J. Prevent multiple instantiations of singleton objects |
| FB.MS_SHOULD_BE_FINAL | OBJ10-J. Do not use public static nonfinal variables |
| FB.NP_ALWAYS_NULL | EXP01-J. Never dereference null pointers |
| FB.NP_ALWAYS_NULL_EXCEPTION | EXP01-J. Never dereference null pointers |
| FB.NP_ARGUMENT_MIGHT_BE_NULL | EXP01-J. Never dereference null pointers |
| FB.NP_BOOLEAN_RETURN_NULL | EXP01-J. Never dereference null pointers |
| FB.NP_CLONE_COULD_RETURN_NULL | EXP01-J. Never dereference null pointers |
| FB.NP_CLOSING_NULL | EXP01-J. Never dereference null pointers |
| FB.NP_DEREFERENCE_OF_ READLINE_VALUE | EXP01-J. Never dereference null pointers |
| FB.NP_DOES_NOT_HANDLE_NULL | EXP01-J. Never dereference null pointers |
| FB.NP_EQUALS_SHOULD_HANDLE_ NULL_ARGUMENT | EXP01-J. Never dereference null pointers |
| FB.NP_FIELD_NOT_INITIALIZED_ IN_CONSTRUCTOR | EXP01-J. Never dereference null pointers |
| FB.NP_GUARANTEED_DEREF | EXP01-J. Never dereference null pointers |
| FB.NP_GUARANTEED_DEREF_ON_ EXCEPTION_PATH | EXP01-J. Never dereference null pointers |
| FB.NP_IMMEDIATE_DEREFERENCE_ OF_READLINE | EXP01-J. Never dereference null pointers |
| FB.NP_LOAD_OF_KNOWN_NULL_ VALUE | EXP01-J. Never dereference null pointers |
| FB.NP_NONNULL_FIELD_NOT_ INITIALIZED_IN_CONSTRUCTOR | EXP01-J. Never dereference null pointers |
| FB.NP_NONNULL_PARAM_VIOLATION | EXP01-J. Never dereference null pointers |
| FB.NP_NONNULL_RETURN_VIOLATION | EXP01-J. Never dereference null pointers |
| FB.NP_NULL_INSTANCEOF | EXP01-J. Never dereference null pointers |
| FB.NP_NULL_ON_SOME_PATH | EXP01-J. Never dereference null pointers |
| FB.NP_NULL_ON_SOME_PATH_ EXCEPTION | EXP01-J. Never dereference null pointers |
| FB.NP_NULL_ON_SOME_PATH_ FROM_RETURN_VALUE | EXP01-J. Never dereference null pointers |
| FB.NP_NULL_ON_SOME_PATH_ MIGHT_BE_INFEASIBLE | EXP01-J. Never dereference null pointers |
| FB.NP_NULL_PARAM_DEREF | EXP01-J. Never dereference null pointers |
| FB.NP_NULL_PARAM_DEREF_ NONVIRTUAL | EXP01-J. Never dereference null pointers |
| FB.NP_NULL_PARAM_DEREF_ALL_ TARGETS_DANGEROUS | EXP01-J. Never dereference null pointers |
| FB.NP_PARAMETER_MUST_BE_NON - NULL_BUT_MARKED_AS_NULLABLE | EXP01-J. Never dereference null pointers |
| FB.NP_STORE_INTO_NONNULL_FIELD | EXP01-J. Never dereference null pointers |
| FB.NP_TOSTRING_COULD_ RETURN_NULL | EXP01-J. Never dereference null pointers |
| FB.NP_UNWRITTEN_FIELD | EXP01-J. Never dereference null pointers |
| FB.NP_UNWRITTEN_PUBLIC_OR_ PROTECTED_FIELD | EXP01-J. Never dereference null pointers |
| FB.RCN_REDUNDANT_COMPARISON_ OF_NULL_AND_NONNULL_VALUE | EXP01-J. Never dereference null pointers |
| FB.RCN_REDUNDANT_COMPARISON_ TWO_NULL_VALUES | EXP01-J. Never dereference null pointers |
| FB.RCN_REDUNDANT_NULLCHECK_ OF_NONNULL_VALUE | EXP01-J. Never dereference null pointers |
| FB.RCN_REDUNDANT_NULLCHECK_ OF_NULL_VALUE | EXP01-J. Never dereference null pointers |
| FB.RCN_REDUNDANT_NULLCHECK_ WOULD_HAVE_BEEN_A_NPE | EXP01-J. Never dereference null pointers |
| FB.RU_INVOKE_RUN | MET10-J. Follow the general contract when implementing the compareTo() method |
| FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE | IDS00-J. Sanitize untrusted data passed across a trust boundary |
| FB.SQL_PREPARED_STATEMENT_GENERATED_ | IDS00-J. Sanitize untrusted data passed across a trust boundary |
| FB.STCAL_INVOKE_ON_STATIC_ CALENDAR_INSTANCE | VNA02-J. Ensure that compound operations on shared variables are atomic |
| FB.STCAL_INVOKE_ON_STATIC_ CALENDAR_INSTANCE | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
| FB.STCAL_INVOKE_ON_STATIC_ DATE_FORMAT_INSTANCE | VNA02-J. Ensure that compound operations on shared variables are atomic |
| FB.STCAL_INVOKE_ON_STATIC_ DATE_FORMAT_INSTANCE | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
| FB.STCAL_STATIC_CALENDAR_ INSTANCE | VNA02-J. Ensure that compound operations on shared variables are atomic |
| FB.STCAL_STATIC_CALENDAR_ INSTANCE | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
| FB.STCAL_STATIC_SIMPLE_DATE_ FORMAT_INSTANCE | VNA02-J. Ensure that compound operations on shared variables are atomic |
| FB.STCAL_STATIC_SIMPLE_DATE_ FORMAT_INSTANCE | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
| FORWARD_NULL | EXP01-J. Never dereference null pointers |
| GUARDED_BY_VIOLATION | VNA02-J. Ensure that compound operations on shared variables are atomic |
| GUARDED_BY_VIOLATION | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
| HARDCODED_CREDENTIALS | MSC03-J. Never hard code sensitive information |
| INDIRECT_GUARDED_BY_VIOLATION | VNA02-J. Ensure that compound operations on shared variables are atomic |
| INDIRECT_GUARDED_BY_VIOLATION | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
| ITERATOR | FIO04-J. Release resources when they are no longer needed |
| JDBC_CONNECTION | FIO04-J. Release resources when they are no longer needed |
| LOCK_INVERSION | LCK07-J. Avoid deadlock by requesting and releasing locks in the same order |
| LOCK_ORDERING | LCK07-J. Avoid deadlock by requesting and releasing locks in the same order |
| MISSING_THROW | ERR00-J. Do not suppress or ignore checked exceptions |
| NON_STATIC_GUARDING_STATIC | VNA02-J. Ensure that compound operations on shared variables are atomic |
| NON_STATIC_GUARDING_STATIC | VNA02-J. Ensure that compound operations on shared variables are atomic |
| NON_STATIC_GUARDING_STATIC | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
| NON_STATIC_GUARDING_STATIC | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
| NULL_RETURNS | EXP01-J. Never dereference null pointers |
| OS_CMD_INJECTION | IDS07-J. Do not pass untrusted, unsanitized data to the Runtime.exec() method |
| OVERFLOW_BEFORE_WIDEN | NUM00-J. Detect or prevent integer overflow |
| PATH_MANIPULATION | IDS02-J. Canonicalize path names before validating them |
| PW.ABNORMAL_TERMINATION_ OF_FINALLY_BLOCK | ERR04-J. Do not complete abruptly from a finally block |
| PW.ABNORMAL_TERMINATION_ OF_FINALLY_BLOCK | ERR05-J. Do not let checked exceptions escape from a finally block |
| RESOURCE_LEAK | FIO04-J. Release resources when they are no longer needed |
| REVERSE_INULL | EXP01-J. Never dereference null pointers |
| RISKY_CRYPTO | MSC02-J. Generate strong random numbers |
| SERVLET_ATOMICITY | VNA00-J. Ensure visibility when accessing shared primitive variables |
| SERVLET_ATOMICITY | VNA02-J. Ensure that compound operations on shared variables are atomic |
| SINGLETON_RACE | MSC07-J. Prevent multiple instantiations of singleton objects |
| SQLI | IDS00-J. Sanitize untrusted data passed across a trust boundary |
| UNSAFE_DESERIALIZATION | SER01-J. Do not deviate from the proper signatures of serialization methods |
| UNSAFE_DESERIALIZATION | SER03-J. Do not serialize unencrypted, sensitive data |
| UNSAFE_DESERIALIZATION | SER06-J. Make defensive copies of private mutable components during deserialization |
| UNSAFE_DESERIALIZATION | SER07-J. Do not use the default serialized form for classes with implementation-defined invariants |
| UNSAFE_LAZY_INIT | MSC07-J. Prevent multiple instantiations of singleton objects |
| UNSAFE_REFLECTION | SEC02-J. Do not base security checks on untrusted sources |
