View Source

Recommendations

MSC00-J. Eliminate class initialization cycles

MSC01-J. Avoid memory leaks

MSC02-J. Reserved (moved to ENV01-J)

MSC03-J. Reserved (moved to ENV02-J)

MSC04-J. Reserved (moved to ENV03-J)

MSC05-J. Reserved (moved to MSC38-J)

MSC02-J. Avoid cyclic dependencies between packages

MSC03-J. Prefer using URIs to URLs

MSC04-J. Prefer using Iterators over Enumerations

MSC05-J. Carefully design interfaces before releasing them

MSC10-J. Avoid mixing generic and non-generic code if possible

MSC11-J. Library methods should validate their parameters

MSC12-J. Limit the lifetime of sensitive data

MSC13-J. Finish every set of statements associated with a case label with a break statement

Rules

MSC30-J. Generate truly random numbers

MSC31-J. Never hardcode sensitive information

MSC32-J. Reserved (moved to ENV35-J)

MSC33-J. Prevent OS Command Injection

MSC34-J. Prevent against SQL Injection

MSC35-J. Understand how escape characters are interpreted when String literals are compiled

MSC36-J. Prevent XML Injection

MSC37-J. Prevent XPath Injection

MSC38-J. Make sensitive classes noncloneable

MSC39-J. Do not modify the underlying collection when an iteration is in progress

Risk Assessment Summary

Recommendations

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
MSC00-J	low	unlikely	medium	P2	L3
MSC01-J	low	unlikely	high	P1	L3
MSC02-J	low	unlikely	medium	P2	L3
MSC03-J	medium	probable	medium	P8	L2
MSC04-J	high	probable	low	P18	L1
MSC05-J	medium	probable	medium	P18	L1
MSC06-J	TODO	TODO	TODO	TODO	TODO
MSC07-J	medium	unlikely	medium	P4	L3
MSC08-J	low	unlikely	medium	P2	L3
MSC011-J	medium	unlikely	high	P2	L3

Rules

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
MSC30-J	medium	unlikely	medium	P4	L3
MSC35-J	medium	unlikely	high	P2	L3

EXC31-J. Handle checked exceptions that can be thrown within a finally block The CERT Sun Microsystems Secure Coding Standard for Java MSC00-J. Eliminate class initialization cycles