FIO00-A. Validate deserialized objects
FIO01-A. Canonicalize path names originating from untrusted sources
FIO02-A. Use Runtime.exec() correctly
FIO03-A. Prevent exceptions while logging data
FIO04-A. Understand the limitations of the logging framework
FIO05-A. Document character encoding while performing file IO
FIO31-C. Create a copy of mutable inputs
FIO32-C. Do not serialize sensitive data
FIO33-C. Do not allow serialization and deserialization to bypass the Security Manager
FIO34-C. Ensure all resources are properly closed when they are no longer needed
FIO35-C. Exclude user input from format strings
FIO36-C. Never hardcode sensitive information
FIO37-C. Do not assume infinite heap space when reading in data
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO00-A | low | unlikely | medium | P2 | L3 |
| Rules | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO30-C | low | unlikely | medium | P2 | L3 |