Guidelines
FIO00-J. Defensively copy mutable inputs and mutable internal components
FIO01-J. Do not expose buffers created using the wrap() or duplicate() methods to untrusted code
FIO02-J. Keep track of bytes read and account for character encoding while reading data
FIO03-J. Specify the character encoding while performing file or network IO
FIO04-J. Canonicalize path names before validating
FIO05-J. Do not create multiple buffered wrappers on an InputStream
FIO06-J. Ensure all resources are properly closed when they are no longer needed
FIO07-J. Do not create temporary files in shared directories
FIO08-J. Do not log sensitive information
FIO09-J. Exclude user input from format strings
FIO10-J. Do not let Runtime.exec() fail or block indefinitely
FIO11-J. Do not attempt to read raw binary data as character data
Risk Assessment Summary
Recommendations
Guideline |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
FIO00-J |
medium |
probable |
high |
P4 |
L3 |
FIO01-J |
medium |
likely |
low |
P18 |
L1 |
FIO02-J |
low |
unlikely |
medium |
P2 |
L3 |
FIO03-J |
low |
unlikely |
medium |
P2 |
L3 |
FIO04-J |
medium |
unlikely |
medium |
P4 |
L3 |
FIO05-J |
low |
unlikely |
medium |
P2 |
L3 |
FIO06-J |
low |
probable |
medium |
P4 |
L3 |
FIO07-J |
high |
probable |
medium |
P12 |
L1 |
FIO08-J |
medium |
probable |
high |
P4 |
L3 |
FIO09-J |
medium |
unlikely |
medium |
P4 |
L3 |
FIO10-J |
low |
probable |
medium |
P4 |
L3 |
FIO11-J |
low |
unlikely |
medium |
P2 |
L3 |
OBJ15-J. Ensure that keys used in comparison operations cannot be changed The CERT Oracle Secure Coding Standard for Java FIO00-J. Defensively copy mutable inputs and mutable internal components