SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>00. Runtime Environment (ENV) - CERT Secure Coding Standards</title>

<meta id="confluence-context-path" name="confluence-context-path" content="/confluence">
<meta id="atlassian-token" name="atlassian-token" content="3UIncFJ_LX">
<meta id="confluence-space-key" name="confluence-space-key" content="java">

<script type="text/javascript">
// Deprecated global variables. To be removed in a future version of Confluence.
var contextPath = '/confluence';
var i18n = [];
</script>

<!-- include system resources -->
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:prototype/confluence.web.resources:prototype.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:scriptaculous/confluence.web.resources:scriptaculous.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0.2/_/download/batch/com.atlassian.auiplugin:jquery/com.atlassian.auiplugin:jquery.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0.2/_/download/batch/com.atlassian.auiplugin:jquery-base/com.atlassian.auiplugin:jquery-base.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0.2/_/download/batch/com.atlassian.auiplugin:ajs/com.atlassian.auiplugin:ajs.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/resources/confluence.web.resources:dwr/engine.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/resources/confluence.web.resources:dwr/util.js" ></script>
<link type="text/css" rel="stylesheet" href="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:page-editor/confluence.web.resources:page-editor.css" media="all"/>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/resources/confluence.web.resources:page-editor/dwr-wysiwyg-converter.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/resources/confluence.web.resources:page-editor/dwr-user-profile-editor.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/resources/confluence.web.resources:page-editor/dwr-draft.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/resources/confluence.web.resources:page-editor/dwr-heartbeat.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:page-editor/confluence.web.resources:page-editor.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0.2/_/download/batch/com.atlassian.auiplugin:jquery-selection/com.atlassian.auiplugin:jquery-selection.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0.2/_/download/batch/com.atlassian.auiplugin:dialog/com.atlassian.auiplugin:dialog.js" ></script>
<link type="text/css" rel="stylesheet" href="/confluence/s/1627/6/1.0.2/_/download/batch/com.atlassian.auiplugin:dialog/com.atlassian.auiplugin:dialog.css" media="all"/>
<!--[if IE]>
<link type="text/css" rel="stylesheet" href="/confluence/s/1627/6/1.0.2/_/download/batch/com.atlassian.auiplugin:dialog/com.atlassian.auiplugin:dialog.css?ieonly=true" media="all"/>
<![endif]-->
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:raphael/confluence.web.resources:raphael.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/batch/confluence.editor.actions:editor-macro-browser/confluence.editor.actions:editor-macro-browser.js" ></script>
<link type="text/css" rel="stylesheet" href="/confluence/s/1627/6/1.0/_/download/batch/confluence.editor.actions:editor-macro-browser/confluence.editor.actions:editor-macro-browser.css" media="all"/>
<!--[if IE]>
<link type="text/css" rel="stylesheet" href="/confluence/s/1627/6/1.0/_/download/batch/confluence.editor.actions:editor-macro-browser/confluence.editor.actions:editor-macro-browser.css?ieonly=true" media="all"/>
<![endif]-->
<script type="text/javascript" src="/confluence/s/1627/6/1.0.2/_/download/batch/com.atlassian.auiplugin:jquery-ui-draggable/com.atlassian.auiplugin:jquery-ui-draggable.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:page-ordering-tree/confluence.web.resources:page-ordering-tree.js" ></script>
<link type="text/css" rel="stylesheet" href="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:page-ordering-tree/confluence.web.resources:page-ordering-tree.css" media="all"/>
<!--[if IE]>
<link type="text/css" rel="stylesheet" href="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:page-ordering-tree/confluence.web.resources:page-ordering-tree.css?ieonly=true" media="all"/>
<![endif]-->
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:page-location-editor/confluence.web.resources:page-location-editor.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:page-permissions-editor/confluence.web.resources:page-permissions-editor.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/resources/confluence.web.resources:page-permissions-editor/EntitiesAjaxService.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/resources/confluence.web.resources:labels-editor/AddLabeltoEntity.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/resources/confluence.web.resources:labels-editor/RemoveLabelFromEntity.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/resources/confluence.web.resources:labels-editor/SuggestedLabelsForEntity.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/resources/confluence.web.resources:labels-editor/GenerateAutocompleteLabelsListForEntity.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:labels-editor/confluence.web.resources:labels-editor.js" ></script>
<link type="text/css" rel="stylesheet" href="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:labels-editor/confluence.web.resources:labels-editor.css" media="all"/>
<link type="text/css" rel="stylesheet" href="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:master-styles/confluence.web.resources:master-styles.css" media="all"/>
<!--[if IE]>
<link type="text/css" rel="stylesheet" href="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:master-styles/confluence.web.resources:master-styles.css?ieonly=true" media="all"/>
<![endif]-->
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:breadcrumbs/confluence.web.resources:breadcrumbs.js" ></script>
<link type="text/css" rel="stylesheet" href="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:print-styles/confluence.web.resources:print-styles.css?media=print" media="print"/>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:safe-ajax/confluence.web.resources:safe-ajax.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/batch/confluence.userstatus:userstatus-resources/confluence.userstatus:userstatus-resources.js" ></script>
<link type="text/css" rel="stylesheet" href="/confluence/s/1627/6/1.0/_/download/batch/confluence.userstatus:userstatus-resources/confluence.userstatus:userstatus-resources.css" media="all"/>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:master-scripts/confluence.web.resources:master-scripts.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/resources/confluence.web.resources:master-scripts/PageNotification.js" ></script>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:contentnamesearch/confluence.web.resources:contentnamesearch.js" ></script>
<link type="text/css" rel="stylesheet" href="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:contentnamesearch/confluence.web.resources:contentnamesearch.css" media="all"/>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:userlink/confluence.web.resources:userlink.js" ></script>
<link type="text/css" rel="stylesheet" href="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:userlink/confluence.web.resources:userlink.css" media="all"/>
<!--[if IE]>
<link type="text/css" rel="stylesheet" href="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:userlink/confluence.web.resources:userlink.css?ieonly=true" media="all"/>
<![endif]-->
<script type="text/javascript" src="/confluence/s/1627/6/1.0.2/_/download/batch/com.atlassian.auiplugin:drop-down/com.atlassian.auiplugin:drop-down.js" ></script>
<link type="text/css" rel="stylesheet" href="/confluence/s/1627/6/1.0.2/_/download/batch/com.atlassian.auiplugin:drop-down/com.atlassian.auiplugin:drop-down.css" media="all"/>
<script type="text/javascript" src="/confluence/s/1627/6/1.0/_/download/batch/confluence.web.resources:atlassian-effects/confluence.web.resources:atlassian-effects.js" ></script>

<!-- end system resources -->

<link rel="stylesheet" href="/confluence/s/1627/6/1/_/styles/combined.css?spaceKey=java" type="text/css">

<meta name="robots" content="noindex,nofollow">
<meta name="robots" content="noarchive">
<meta name="confluence-request-time" content="1250711122955">

<link rel="shortcut icon" href="/confluence/favicon.ico">
<link rel="icon" type="image/png" href="/confluence/s/1627/6/_/images/logo/confluence_16.png">

<link rel="search" type="application/opensearchdescription+xml" href="/confluence/opensearch/osd.action" title="CERT Secure Coding Standards"/>

<script type="text/javascript">

function toggleMenu(menuId)

Unknown macro: { var visible = toggleVisibility(menuId); if (visible) setCookie("confluence.leftnav." + menuId, true); else setCookie("confluence.leftnav.", false); }

function isMenuExpanded(menuId)

Unknown macro: { return getCookie("confluence.leftnav." + menuId); }

function initMenuItem(menuId)
{
if (document.getElementById(menuId))
{
if (isMenuExpanded(menuId) == 'true')

Unknown macro: { document.getElementById(menuId).style.display = "block"; }

else

Unknown macro: { document.getElementById(menuId).style.display = "none"; }

}
}
</script>

</head>

<body onload="placeFocus()" id="com-atlassian-confluence">
<!--BEGIN HEADER -->

<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#ffffff"><tr>
<td valign="middle"><img src="https://www.cert.org/images/1pxinv.gif" width="5" height="94"></td><td valign="middle"><a href="https://www.cert.org/"><img
src="https://www.cert.org/cert/images/cert_logo.gif" alt="CERT" border="0"></a></td><td valign="bottom" align="right" width="100%">

<!-NAVIGATION TABLE->
<table border="0" cellspacing="0" cellpadding="0" width="600"><a href="https://www.cert.org/work/software_assurance.html"><img src="https://www.cert.org/cert/images/1off.jpg"
width="132" height="21"
alt="Software Assurance" border="0"></a><img src="https://www.cert.org/images/1pxinv.gif" width="1" height="21"><a href="https://www.cert.org/work/secure_systems.html"><img
src="https://www.cert.org/cert/images/2off.jpg" width="109" height="21" alt="Secure Systems" border="0"></a><img src="https://www.cert.org/images/1pxinv.gif" width="1" height="21"><a
href="https://www.cert.org/work/organizational_security.html"><img
src="https://www.cert.org/cert/images/3off.jpg" width="140" height="21" alt="Organizational Security" border="0"></a><img src="https://www.cert.org/images/1pxinv.gif" width="1" height="21"><a
href="https://www.cert.org/work/coordinating_response.html"><img
src="https://www.cert.org/cert/images/4off.jpg" width="140" height="21" alt="Coordinating Response" border="0"></a><img
src="https://www.cert.org/images/1pxinv.gif" width="1" height="21"><a href="https://www.cert.org/work/training.html"><img src="https://www.cert.org/cert/images/5off.jpg" width="75"
height="21" alt="Training" border="0"></a></td></tr></table>

<!--END NAVIGATION TABLE -->

</td></tr></table>

<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#666666"><tr><td><img src="https://www.cert.org/images/1pxinv.gif" width="1" height="3"></td></tr></table>

<!--END HEADER -->

<script type="text/javascript">
AJS.toInit(function ($) {
$(".message-close-button").each(function () {
var li = $(this).parent();
var cookieId = this.alt;
$(this).click(function ()

Unknown macro: { li.slideUp(); setCookie(cookieId, true); }

);
});

$("#messageContainer .confluence-messages").each(function () {
if (!getCookie(this.id))

Unknown macro: { $(this).show(); }

})
});
</script>

<div id="header">
<form id="quick-search" class="quick-search" method="get" action="/confluence/dosearchsite.action">
<fieldset>
<legend>Quick Search</legend>
<input class="quick-search-query" id="quick-search-query" type="text" accessKey="q" autocomplete="off" name="queryString" size="25" />
<input class="quick-search-submit" id="quick-search-submit" type="submit" value="Search" />
</fieldset>
<fieldset class="hidden parameters">
<input type="hidden" class="quickSearchPlaceholder" id="quickSearchPlaceholder" value="Search" />

<input type="hidden" id="quickNavEnabled" value="true" />
<!-- Quick nav disabled. SettingsManager could not be found --> </fieldset>
</form>

<ol id="breadcrumbs">

<li class="first" ><span>
<a href="/confluence/dashboard.action">Dashboard</a>
</span></li>

<li><span>
<a href="/confluence/display/java">java</a>
</span></li>

<li><span>
<a href="/confluence/display/java/The+CERT+Sun+Microsystems+Secure+Coding+Standard+for+Java">The CERT Sun Microsystems Secure Coding Standard for Java</a>
</span></li>

<li><span>
<a href="/confluence/display/java/00.Runtime+Environment%28ENV%29">00. Runtime Environment (ENV)</a>
</span></li>

<li><span>
Edit Page
</span></li>
</ol>

</div>

<div id="PageContent">
<table cellspacing="0" cellpadding="0" width="100%">
<tr>
<td width="150px" valign="top" class="sidebar" nowrap>
<div class="leftnav">
<div id="logodiv">
<a href="/confluence/display/java"><img class="logo global" src="/confluence/images/logo/confluence_48_white.png" alt=""></a> </div>
<div id="menu">
<table class="sectionMacro" border="0" cellpadding="5" cellspacing="0" width="100%"><tbody><tr>
<td class="confluenceTd" valign="top" width="105%">
<div class='panelMacro'><table class='infoMacro'><tr><td><p><b>Standards</b><br/>
<a href="/confluence/display/seccode/CERT+Secure+Coding+Standards" title="CERT Secure Coding Standards">Overview</a><br/>
<a href="/confluence/display/seccode/CERT+C+Secure+Coding+Standard" title="CERT C Secure Coding Standard">C Language</a><br/>
<a href="/confluence/pages/viewpage.action?pageId=637" title="CERT C++ Secure Coding Standard">C++</a><br/>
<a href="/confluence/display/java/The+CERT+Sun+Microsystems+Secure+Coding+Standard+for+Java" title="The CERT Sun Microsystems Secure Coding Standard for Java">Java</a></p>

<p><b>CERT Websites</b><br/>
<a href="http://www.cert.org/" rel="nofollow">CERT</a><br/>
<a href="http://www.cert.org/secure-coding" rel="nofollow">Secure Coding</a><br/>
<a href="http://www.cert.org/tech_tips/" rel="nofollow">Tech Tips</a></p>

<p><b>Related Websites</b><br/>
<a href="https://buildsecurityin.us-cert.gov/daisy/bsi/home.html" rel="nofollow">Build Security In</a></p>

<p><a href="http://www.informit.com/store/product.aspx?isbn=0321563212" rel="nofollow"><span class="image-wrap" style=""><img src="https://www.cert.org/images/cert-c-book-cover-100.jpg" border="0" width="100" /></span></a></p>

<p><a href="http://www.cert.org/books/secure-coding/" rel="nofollow"><span class="image-wrap" style=""><img src="https://www.cert.org/images/securec.jpg" border="0" width="100" /></span></a></p>

<p><b>Related Sites</b><br/>
<a href="http://www.us-cert.gov/" rel="nofollow"><span class="image-wrap" style=""><img src="https://www.cert.org/images/logo/uscert_4g_sm.jpg" border="0" /></span></a><br/>
<a href="http://www.cylab.cmu.edu/" title="http://www.cylab.cmu.edu/" rel="nofollow"><span class="image-wrap" style=""><img src="https://www.cert.org/images/logo/cylab_alt.jpg" border="0" /></span></a></p></td></tr></table></div></td></tr></tbody></table>

<h5><a href="#" onCLick="toggleMenu('pagenav'); return false;"><img src="/confluence/images/icons/docs_16.gif" width=16 height=16 border=0 align=absmiddle >Page Operations</a></h5>
<div id="pagenav" class="subnav" style="display:none;">
<ul>
<li><a id="viewPageLink" href="/confluence/display/java/00.Runtime+Environment%28ENV%29" onClick="javascript:saveDraftOnPageChange(this); return false;" accessKey="v"><u>V</u>iew</a></li>
<li><a id="editPageLink" href="/confluence/pages/editpage.action?pageId=33128636" class="current" onClick="javascript:saveDraftOnPageChange(this); return false;" accessKey="e"><u>E</u>dit</a></li>
<li><a id="view-attachments-link" href="/confluence/pages/viewpageattachments.action?pageId=33128636" onClick="javascript:saveDraftOnPageChange(this); return false;" accessKey="a"><u>A</u>ttachments (0)</a></li>
<li><a id="view-page-info-link" href="/confluence/pages/viewinfo.action?pageId=33128636" onClick="javascript:saveDraftOnPageChange(this); return false;" accessKey="i"><u>I</u>nfo</a></li>
<li><a href="/confluence/pages/worddav/uploadimport.action?pageId=33128636" onClick="javascript:saveDraftOnPageChange(this); return false;" >Doc Import</a></li>
</ul>
</div>

<h5><a href="#" onCLick="toggleMenu('browsenav'); return false;"><img src="/confluence/images/icons/browse_space.gif" height="16" width="16" border="0" align="absmiddle" title="Find Content">Browse Space</a></h5>
<div id="browsenav" class="subnav" style="display:none;">
<ul>
<li><a href="/confluence/pages/listpages.action?key=java" >Pages</a></li>
<li><a href="/confluence/pages/viewrecentblogposts.action?key=java" >News</a></li>
<li><a href="/confluence/labels/listlabels-heatmap.action?key=java" >Labels</a></li>
<li><a href="/confluence/spaces/listattachmentsforspace.action?key=java" >Attachments</a></li>
<li><a href="/confluence/spaces/viewmailarchive.action?key=java" >Mail</a></li>
<li><a href="/confluence/spaces/viewspacesummary.action?key=java" >Advanced</a></li>
</ul>
</div>

<h5><a href="#" onCLick="toggleMenu('addcontent'); return false;"><img src="/confluence/images/icons/add_16.gif" height="16" width="16" border="0" align="absmiddle" title="Add Content">Add Content</a></h5>
<div id="addcontent" class="subnav" style="display:none;">
<ul>

<li><a href="/confluence/pages/createpage.action?spaceKey=java&fromPageId=33128636"><img src="/confluence/images/icons/add_page_16.gif" height="16" width="16" border="0" align="absmiddle" title="Add Page"> Add Page</a></li>

<li><a href="/confluence/pages/createblogpost.action?spaceKey=java"><img src="/confluence/images/icons/add_blogentry_16.gif" height="16" width="16" border="0" align="absmiddle" title="Add News"> Add News</a></li>
</ul>
</div>

</div>
<script type="text/javascript">
initMenuItem("browsenav");
initMenuItem("pagenav");
initMenuItem("addcontent");
</script>
</div>
</td>
<td valign="top" width="100%">
<!-- Inner content table -->
<table width="100%" cellpadding="2" cellspacing="0">
<tr>
<td colspan="2" valign="middle" align="right" style="background-color:#F0F0F0">

<ul id="page-view-panel">
<li> <a href="/confluence/pages/editpage.action?pageId=33128636&decorator=printable" rel="nofollow" title="View a printable version of the current page." class="print icon">View a printable version of the current page.</a>
</li>
<li>
<a href="/confluence/spaces/flyingpdf/pdfpageexport.action?pageId=33128636&atl_token=3UIncFJ_LX" rel="nofollow" title="Export Page as PDF" class="pdf icon">Export Page as PDF</a>
</li>
<li> </li>
</ul>

<ul id="user-control-panel">
<li class="first">Welcome <a href="/confluence/display/~agoyal">Ankur Goyal</a></li>

<li><a id="set-user-status-link" href="/confluence/display/~agoyal" >Update Status…</a></li>
<li><a id="view-user-history-link" href="/confluence/users/viewuserhistory.action" >Recently Viewed</a></li>
<li><a id="user-settings-link" href="/confluence/users/viewmysettings.action" >Settings</a></li>
<li><a id="logout-link" href="/confluence/logout.action" >Log Out</a></li>
</ul>
</td>
</tr>
<tr>
<td id="mainViewPane">
<div>
<table class="fullWidthBorderless">
<td><span id="spaceFullNameLink"> <a href="/confluence/display/java">java</a> </span></td>
<td align="right">
<a id="pageFavourite" href="/confluence/labels/addfavourite.action?entityId=33128636&atl_token=3UIncFJ_LX"><img src="/confluence/images/icons/star_grey.gif" height="16" width="16" border="0" align="absmiddle" title="Add this page to your favourites list" alt="Add this page to your favourites list"></a>
<a id="pageWatch" href="/confluence/pages/addpagenotification.action?pageId=33128636&atl_token=3UIncFJ_LX"><img src="/confluence/images/icons/watch_16.gif" height="16" width="16" border="0" align="absmiddle" title="Watch this page" alt="Watch this page"></a>
</td>
</table>
<h1>
<a href="/confluence/display/java/00.Runtime+Environment%28ENV%29">00. Runtime Environment (ENV)</a>
</h1>
</div>
<div id="content">
<!-- call the page decorator -->

<!--
Root decorator: this is a layer of abstraction that Confluence doesn't need. It will be removed eventually.
-->

<!--[if gte IE 5.5000]>
<script language="JavaScript">
function correctPNG() // correctly handle PNG transparency in Win IE 5.5 or higher.
{
for(var i=0; i<document.images.length; i++)
{
var img = document.images[i]
var imgName = img.src.toUpperCase()
if (imgName.substring(imgName.length-3, imgName.length) == "PNG")

Unknown macro: { var imgID = (img.id) ? "id='" + img.id + "' " }

}
}
window.attachEvent("onload", correctPNG);
</script>
<![endif]-->

<div id="editpage">
<fieldset class="hidden parameters">
<input type="hidden" id="spaceKey" value="java">
<input type="hidden" id="pageId" value="33128636">
<input type="hidden" id="originalParentPage" value="The CERT Sun Microsystems Secure Coding Standard for Java">
<input type="hidden" id="formName" value="editpageform">
<input type="hidden" id="defaultContentTitle" value="">
<input type="hidden" id="draftSavedMessage" value="Draft saved at

Unknown macro: {0}

">
<input type="hidden" id="draftSavingMessage" value="Saving draft…">
<input type="hidden" id="draftSavingTimedOutMessage" value="Draft saving timed out">
</fieldset>

<form id="editpageform" name="editpageform" method="post" action="doeditpage.action?pageId=33128636" class="editor">
<input type="hidden" name="atl_token" value="3UIncFJ_LX">
<input
type="hidden"
name="labelsShowing" value="false" id="labelsShowing" /> <input
type="hidden"
name="restrictionsShowing" value="false" id="restrictionsShowing" /> <input
type="hidden"
name="locationShowing" value="false" id="locationShowing" />
<input
type="hidden"
name="originalVersion" value="4" id="originalVersion" /> <input
type="hidden"
name="originalContent" value="h2. Recommendations

ENV00-J. Do not sign code that performs only unprivileged operations

[ENV01-J. Be aware of the JVM Tool Interface]

[ENV02-J. Be aware of the Java Platform Debugger Architecture]

[ENV03-J. Limit remote uses of JVM Monitoring and Managing]

Rules

[ENV30-J. Create a secure sandbox using a Security Manager]

[ENV31-J. Never grant AllPermission to untrusted code]

[ENV32-J. Do not grant ReflectPermission with target suppressAccessChecks]

[ENV33-J. Do not grant RuntimePermission with target createClassLoader]

[ENV34-J. Do not disable bytecode verification]

[ENV35-J. Provide a trusted environment and sanitize all inputs]

Risk Assessment Summary

Recommendations

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

Rules

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

[!The CERT Sun Microsystems Secure Coding Standard for Java^button_arrow_left.png!]      [!The CERT Sun Microsystems Secure Coding Standard for Java^button_arrow_up.png!]      [!The CERT Sun Microsystems Secure Coding Standard for Java^button_arrow_right.png!]" id="orginalContent" /> <input
type="hidden"
name="conflictingVersion" value="4" id="conflictingVersion" />

<div id="wiki-editor">
<!-- remove content link -->
<div class="remove-control">
<a href="/confluence/pages/removepage.action?pageId=33128636"><img src="/confluence/images/icons/trash_16.gif" width="16" height="16" border="0px" align="absmiddle" title="Remove"></a> <a href="/confluence/pages/removepage.action?pageId=33128636">Remove Page</a>
</div>

<!-- title text field -->
<div id="content-title-div" class="inputSection">
<input type="text" name="title" size="43" value="00. Runtime Environment (ENV)" tabindex="1" id="content-title" class="pagetitle">
</div>

<!-- captcha form elements -->

<div id='heartbeat-div' class="hidden">
<table cellpadding='5' cellspacing='8px' class='noteMacro' border="0" align='center'>
<tr><td valign='top' width="1%"><img src="/confluence/s/1627/6/_/images/icons/emoticons/warning.gif" width="16" height="16" align="absmiddle" alt="" border="0"></td><td>
This page is being edited by <span id='other-users-span'></span>.
</td></tr>
</table>
</div>

<!-- template link -->

<!-- content editor -->
<div class="inputSection">
<div class="submit-buttons">
<input tabindex="102" accessKey="s" type="submit" name="confirm" value="Save">  
<input tabindex="104" type="submit" name="cancel" value="Cancel"> </div>
<div id="draft-status">
</div>
<div id="editorDiv">

<fieldset class="hidden parameters">
<input type="hidden" id="contextPath" value="/confluence">
<input type="hidden" id="contentId" value="33128636">
<input type="hidden" id="contentType" value="page">
<input type="hidden" id="useWysiwyg" value="false">
<input type="hidden" id="saveDrafts" value="true">
<input type="hidden" id="draftType" value="page">
<input type="hidden" id="heartbeat" value="true">
<input type="hidden" id="newPage" value="">
<input type="hidden" id="maxThumbWidth" value="200">
<input type="hidden" id="editorMode" value="markup">
<input type="hidden" id="paramsHeight" value="480">
<input type="hidden" id="isDevMode" value="false">
<input type="hidden" id="parametersName" value="content">
<input type="hidden" id="parametersId" value="content">
<input type="hidden" id="actionLocale" value="en_GB">
<input type="hidden" id="actionMarkup" value="markup">
<input type="hidden" id="actionRichtext" value="richtext">
<input type="hidden" id="actionPreview" value="preview">
<input type="hidden" id="spaceKey" value="java">
<input type="hidden" id="remoteUser" value="agoyal">
<input type="hidden" id="editorPluginResourcePrefix" value="/confluence/s/1627/6/3.0.0_01/_">
<input type="hidden" id="staticResourceUrlPrefix" value="/confluence/s/1627/6/_">
<input type="hidden" id="blankSearchText" value="Search">
<input type="hidden" id="loadBrowserErrorMessage" value="There has been an error loading the macro browser. Please try again or see your system administrator.">
<input type="hidden" id="unknownMacroMessage" value="Could not load unknown macro in the macro browser.">
<input type="hidden" id="nestingSameMacroNotAllowedMessage" value="Macros with the same name cannot be nested inside each other.">
<input type="hidden" id="loadingMessage" value="The Macro Browser has not yet been initialised. Please try again in a few seconds.">
<input type="hidden" id="categoryAllLabel" value="All">
<input type="hidden" id="nextButtonLabel" value="Next">
<input type="hidden" id="backButtonLabel" value="Back">
<input type="hidden" id="previewButtonLabel" value="Preview">
<input type="hidden" id="cancelButtonLabel" value="Cancel">
<input type="hidden" id="insertButtonLabel" value="Insert">
<input type="hidden" id="saveButtonLabel" value="Save">
<input type="hidden" id="formName" value="editpageform">
</fieldset>

<ul id="editor-tabs" class="tab-navigation">

<li id="markupTab" class="tab current">
<a href="#">Wiki Markup</a>
</li>

<li id="previewTab" class="tab ">
<a href="#">Preview</a>
</li>

<li id="wysiwygWaitImage" class="notab loading">Loading…</li>

</ul>

<div id="linkinserters" >
<a id="editor-insert-link" href="#" title="Insert Link (Ctrl+K)">
<span class="editor-icon"></span>
</a>
<a id="editor-insert-image" href="#" title="Insert Image (Ctrl+M)">
<span class="editor-icon"></span>
</a>
<a id="editor-insert-macro" href="#" title="Macro Browser">
<span class="editor-icon"></span>
</a>
</div>

<div id="markup" >
<textarea id="markupTextarea" name="content"
cols="80"
rows="30"

tabindex="5" style=""
class="monospaceInput"
>h2. Recommendations

ENV00-J. Do not sign code that performs only unprivileged operations

[ENV01-J. Be aware of the JVM Tool Interface]

[ENV02-J. Be aware of the Java Platform Debugger Architecture]

[ENV03-J. Limit remote uses of JVM Monitoring and Managing]

Rules

[ENV30-J. Create a secure sandbox using a Security Manager]

[ENV31-J. Never grant AllPermission to untrusted code]

[ENV32-J. Do not grant ReflectPermission with target suppressAccessChecks]

[ENV33-J. Do not grant RuntimePermission with target createClassLoader]

[ENV34-J. Do not disable bytecode verification]

[ENV35-J. Provide a trusted environment and sanitize all inputs]

Risk Assessment Summary

Recommendations

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

Rules

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

[!The CERT Sun Microsystems Secure Coding Standard for Java^button_arrow_left.png!]      [!The CERT Sun Microsystems Secure Coding Standard for Java^button_arrow_up.png!]      [!The CERT Sun Microsystems Secure Coding Standard for Java^button_arrow_right.png!]</textarea>
</div>
<input id="selectedText" name="selectedText" type="hidden">
<input type="hidden" name="sel1"> <input type="hidden" name="sel2"> <input type="hidden" name="inPreview" value="false"/>
<input type="hidden" name="mode" value="markup"/>
<input type="hidden" name="xhtml" value="false"/>

<div id="preview" class="hidden">
<div id="previewArea"></div>
</div>
<div id="macro-browser-templates" class="hidden">
<ol id="macro-summaries-template" class="macro-list"></ol>
<ul>
<li id="macro-summary-template" class="macro-list-item">
<h3 class="macro-title"></h3>
<div class="macro-desc"></div>
</li>
</ul>
<div id="macro-insert-template">
<input class="macro-name" type="hidden"/>
<div class="macro-preview-container dialog-panel">
<div class="macro-preview-header">
<a href="#">Refresh</a>
<span>Preview</span>
</div>
<div class="macro-preview"></div>
</div>
<div class="macro-input-fields dialog-panel"></div>
</div>
<span id="macro-doco-link-template">
<a href="#" class="macro-doco-link">Documentation</a>
</span>
<div id="macro-freeform-template" class="macro-freeform-div">
<div class="macro-freeform-desc">This macro does not provide any parameter information. If the available information does not help, you may find its documentation at <a href=http://confluence.atlassian.com/display/CONFEXT>Confluence Extensions</a>.</div>
<div class="macro-freeform-input">

Unknown macro: {<span class="macro-name-display"></span><input type="text" class="macro-text"/>}

</div>
<div class="macro-example hidden">
<h3 class="underlined">Examples</h3>
</div>
<div class="macro-help hidden">
<h3 class="underlined">Description</h3>
</div>
</div>
<div id="macro-param-template" class="macro-param-div">
<label></label>
<input type="text" class="text"/>
</div>
<div id="macro-param-checkbox-template" class="macro-param-div boolean-param">
<label></label>
<input type="checkbox" value="true"/>
</div>
<div id="macro-param-select-template" class="macro-param-div">
<label></label>
<select></select>
</div>
<div id="macro-param-hidden-text-template" class="macro-param-div">
<label></label>
<input type="text" class="text"/>
<input type="hidden"/>
</div>
<div id="macro-param-hidden-template" class="macro-param-div">
<input type="hidden"/>
</div>
<div id="macro-param-desc-template" class="macro-param-desc"></div>
<div id="macro-body-template" class="macro-body-div">
<label>Body Text</label>
<textarea class="monospaceInput textarea" type="text" rows="10"></textarea>
</div>
</div> </div>
</div>

<!-- comment field and minor edit checkbox -->
<div class="inputSection">
<div class="minor-edit">
<input id="minorEdit" type="checkbox" name="minorEdit" value="true" />
<label for="minorEdit">
<span class="smalltext"><b>Minor change?</b> (no notifications will be sent)</span>
</label>
</div>
<span class="formtitle">Comment:</span>
<input type="text"
name="versionComment"
size="40" tabindex="6" class="monospaceInput" style="width: 50%" /> </div>

<!-- content location editor -->
<div class="inputSection">

<fieldset class="hidden parameters">
<input type="hidden" title="editLabel" value="Edit">
<input type="hidden" title="doneLabel" value="Done">
<input type="hidden" title="showLocation" value="false">
<input type="hidden" title="hasChildren" value="true">
<input type="hidden" title="availableSpacesSize" value="4">
<input type="hidden" title="spaceKey" value="java">
<input type="hidden" title="pageId" value="33128636">
<input type="hidden" title="actionMode" value="edit">
<input type="hidden" title="parentPageId" value="4179">
<input type="hidden" title="expandedNodes" class="list" value="4179">
</fieldset>

<span class="formtitle">Location:</span>
<span id="location_info">
<span id="space_info" >
<span id="space_content">java</span>
</span>
<span id="parent_info" >
> <span id="parent_content">The CERT Sun Microsystems Secure Coding Standard for Java</span>
</span>
<a href="" class="inline-control-link" id="location_edit_link">Edit</a>
</span>

<a name="locationSection"/>
<div id="location_div" class="toggleFormDiv editor-panel hidden">

<div class="smalltext" style="float:right">You can move the highlighted page by dragging it to a new position in the tree.</div>
<div>
<label id="currentLocation" class="formtitle">Space</label>

<select id="newSpaceKey" name="newSpaceKey" tabindex="3">
<option value="cplusplus" >C++ Secure Coding Practices</option>
<option value="java" selected>java</option>
<option value="seccode" >Secure Coding</option>
<option value="SD" >Secure Design</option>
</select>
</div>

<div id="resultsDiv"></div>
<div style="padding: 10px" id="outer-container"><div id="tree-div" style="min-height:150px"></div></div>
<input id="parentPageString" type="hidden" value="The CERT Sun Microsystems Secure Coding Standard for Java" name="parentPageString"/>
<input id="hierarchy_checkbox" type="hidden" name="moveHierarchy" value="true" />
<input id="position" type="hidden" value="" name="position"/>
<input id="targetId" type="hidden" value="" name="targetId"/>
</div>
</div>

<!-- content permissions -->
<div class="inputSection">

<!-- Copy some methods out of prototype 1.5 since we can't rev to it yet due to it causing a memory leak in jwebunit 1.2 and hence our func tests -->
<!-- this block of javascript can be removed when we rev to prototype 1.5 -->
<script type="text/javascript">
Array.prototype.indexOf = function(object)

Unknown macro: { for (var i = 0, length = this.length; i < length; i++) if (this[i] == object) return i; return -1; }

Array.prototype.without = function()
{
var values = $A(arguments);
return this.select(function(value)

Unknown macro: { return !values.include(value); }

);
}

String.prototype.strip = function()

Unknown macro: { return this.replace(/^s+/, '').replace(/s+$/, ''); }

</script>

<script type="text/javascript">

var viewPagePermissions = new PagePermissions();

var editPagePermissions = new PagePermissions();

var viewPermissionManager = new PermissionManager(PagePermissionType.VIEW);
var editPermissionManager = new PermissionManager(PagePermissionType.EDIT);
var currentPermissionManager = viewPermissionManager;

i18n['perms.remove'] = 'Remove';
i18n['done.name.caps'] = 'Done';
i18n['edit.name.caps'] = 'Edit';
i18n['page.perms.viewing.restricted'] = 'Viewing restricted to:';
i18n['page.perms.editing.restricted'] = 'Editing restricted to:';
i18n['page.perms.no.view.restrictions'] = 'No viewing restrictions set on this page';
i18n['page.perms.no.edit.restrictions'] = 'No editing restrictions set on this page';
i18n['page.perms.duplicate.names'] = 'Duplicate user or group name(s):';
i18n['page.perms.invalid.entity.names'] = 'Invalid user or group name(s):';

</script>

</div>

<!-- labels section -->
<div class="inputSection">

<fieldset class="hidden parameters">
<input type="hidden" id="editLabel" value="Edit">
<input type="hidden" id="doneLabel" value="Done">
<input type="hidden" id="pageId" value="33128636">
</fieldset>

<div id="labels_tab">
<span class="formtitle">Labels: </span>
<a href="" class="inline-control-link" id="labels_edit_link">Edit</a>
</div>
<div id="labels_info">

</div>

<div id="labels_div" class="toggleFormDiv editor-panel hidden" style="padding: 8px;">
<table width="100%">
<tr>
<td width="60%" valign="top">
<span class="error">
<span class="errorMessage" id="errorSpan"></span>
</span>
<input autocomplete="off" type="text" id="labelsString" name="labelsString" value="" class="monospaceInput" style="width:100%;" />
<div class="smalltext">Looking for a label? Just start typing.</div>
<div class="auto_complete" id="labelsAutocompleteList"></div>
</td>
<td valign="top">
<div id="suggestedLabelsSpan" style="margin-top:5px;">
</div>
</td>
</tr>
</table>
</div>
</div>

<div class="submit-buttons bottom">
<input tabindex="102" accessKey="s" type="submit" name="confirm" value="Save">  
<input tabindex="104" type="submit" name="cancel" value="Cancel"> </div>
</div>
</form>
</div>
</div>
</td>

<td valign="top" id="helptd" style="display:block; width:200px; border-top:1px solid #CCC;">
<div style="padding-left:5px;">
<div id="info-panel" class="rightpanel">
<h3 id="helpheading">Help Tips</h3>
<div id="helpcontent">
<dl>
<dt class="first">Text formatting</dt>
<dd class="text-formatting"><code>bold</code> <strong>bold</strong></dd>
<dd class="text-formatting"><code>italic</code> <em>italic</em></dd>
<dd class="text-formatting"><code>strike</code> <del>strike</del></dd>
<dd class="text-formatting"><code>under</code> <u>under</u></dd>

<dt>Headings
<dd><code>h1.</code> Large heading</dd>
<dd><code>h3.</code> Medium heading</dd>
<dd><code>h5.</code> Small heading</dd>

<dt>Lists</dt>
<dd><code>*</code> Bulleted point</dd>
<dd><code>#</code> Numbered point</dd>

<dt>Tables</dt>
<dd><pre>||head1 ||head2||

colA1

colA2

colB1

colB2

</pre></dd>

<dt>Links</dt>
<dd><code>[title#anchor]</code> Link a page</dd>
<dd><code>[dev:title]</code> In 'dev' space</dd>
<dd><code>http://host.com</code> Remote link</dd>
<dd><code>[phrase@shortcut]</code> Shortcut</dd>
<dd><code>[alias]</code> Custom link title
</dl>
<a href="/confluence/renderer/notationhelp.action" onClick="window.open('/confluence/renderer/notationhelp.action','notation_help','width=780, height=580, resizable, scrollbars'); return false;">Full notation guide</a>
</div>
</div>
</div>
</td>
</tr>
</table>
<!-- End inner content table -->
</td>
</tr>
</table>
</div>
<!-- <ul id="poweredby">
<li>Powered by <a href="http://www.atlassian.com/software/confluence" class="smalltext">Atlassian Confluence</a> 3.0.0_01, the <a href="http://www.atlassian.com/software/confluence" class="smalltext">Enterprise Wiki</a>.</li>
<li><a href="http://jira.atlassian.com/secure/BrowseProject.jspa?id=10470" class="smalltext">Bug/feature request</a> –</li>
<li><a href="http://www.atlassian.com/about/connected.jsp?s_kwcid=Confluence-stayintouch" class="smalltext">Atlassian news</a> –</li>
<li><a href="/confluence/administrators.action">Contact administrators</a></li>
</ul>
-->

<!-- delay the loading of large javascript files to the end so that they don't interfere with the loading of page content -->
<span style="display: none"></span>

<!--BEGIN FOOTER -->

<table border="0" width="100%" cellspacing="0" cellpadding="8" bgcolor="#666666"><tr>
<td width="50%"><img src="https://www.cert.org/cert/images/sei_cmu_logo2.gif" alt="Software Engineering Institute | Carnegie Mellon University" border="0" usemap="#footermap"/>
<map name="footermap" id="footermap">
<area shape="rect" coords="2,2,233,19" href="http://www.sei.cmu.edu/" alt="Software Engineering Institute"/>
<area shape="rect" coords="241,3,341,19" href="http://www.cmu.edu/" alt="Carnegie Mellon University" />
</map>
</td>
<td width="50%" align="right">
<span style="font-size:11px; color:#ffffff; font-family:Verdana">
<a style="color:#ffffff" href="https://www.cert.org/">Home</a> |
<a style="color:#ffffff" href="https://www.cert.org/meet_cert/meetcertcc.html">About</a> |
<a style="color:#ffffff" href="https://www.cert.org/contact_cert/">Contact</a> |
<a style="color:#ffffff" href="https://www.cert.org/faq/cert_faq.html">FAQ</a> |
<a style="color:#ffffff" href="https://www.cert.org/stats/">Statistics</a> |
<a style="color:#ffffff" href="https://www.cert.org/jobs/">Jobs</a> |
<a style="color:#ffffff" href="https://www.cert.org/legal_stuff/">Legal</a> |
<a style="color:#ffffff" href="https://www.securecoding.cert.org/confluence/display/seccode/Terms+and+Conditions">Legal</a>
<br/>
Copyright © 1995-2009 Carnegie Mellon University
</td>
</tr>
</table>

<!--END FOOTER -->
</body>
</html>

  • No labels