SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Recommendations

FIO00-A. Validate user input

FIO01-A. Validate deserialized objects

FIO02-A. Canonicalize path names originating from untrusted sources

FIO03-A. Use Runtime.exec() correctly

Rules

FIO30-C. Create a copy of mutable inputs

FIO31-C. Do not serialize sensitive data

FIO32-C. Do not allow serialization and deserialization to bypass the Security Manager

Risk Assessment Summary

Recommendations

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

FIO00-A

1 (low)

1 (unlikely)

2 (medium)

P2

L3

Rules

Rules

Severity

Likelihood

Remediation Cost

Priority

Level

FIO30-C

1 (low)

1 (unlikely)

2 (medium)

P2

L3

  • No labels