FIO00-J. Canonicalize path names originating from untrusted sources
FIO01-J. Use Runtime.exec() correctly
FIO02-J. Keep track of bytes read and account for character encoding while reading data
FIO03-J. Specify the character encoding while performing file or network IO
FIO30-J. Do not log sensitive information
FIO31-J. Defensively copy mutable inputs and mutable internal components
FIO32-J. Ensure all resources are properly closed when they are no longer needed
FIO33-J. Exclude user input from format strings
FIO34-J. Create and delete temporary files safely
FIO36-J. Do not create multiple buffered wrappers on an InputStream
Recommendation |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
FIO00-J |
TODO |
TODO |
TODO |
P??? |
L??? |
FIO01-J |
medium |
unlikely |
medium |
P4 |
L3 |
FIO02-J |
medium |
unlikely |
medium |
P4 |
L3 |
FIO03-J |
low |
unlikely |
medium |
P2 |
L3 |
FIO04-J |
TODO |
TODO |
TODO |
P??? |
L??? |
FIO05-J |
TODO |
TODO |
TODO |
P??? |
L??? |
FIO06-J |
TODO |
TODO |
TODO |
P??? |
L??? |
FIO07-J |
medium |
probable |
high |
P4 |
L3 |
Rules |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
FIO30-J |
TODO |
TODO |
TODO |
P??? |
L??? |
FIO31-J |
TODO |
TODO |
TODO |
P??? |
L??? |
FIO32-J |
TODO |
TODO |
TODO |
P??? |
L??? |
FIO33-J |
TODO |
TODO |
TODO |
P??? |
L??? |
FIO34-J |
low |
probable |
medium |
P4 |
L3 |
FIO35-J |
medium |
unlikely |
medium |
P4 |
L3 |
FIO36-J |
high |
probable |
medium |
P12 |
L1 |
FIO37-J |
medium |
probable |
high |
P4 |
L3 |
FIO38-J |
medium |
probable |
high |
P4 |
L3 |
FIO39-J |
low |
unlikely |
medium |
P2 |
L3 |
OBJ38-J. Immutable classes must prohibit extension The CERT Sun Microsystems Secure Coding Standard for Java FIO00-J. Canonicalize path names originating from untrusted sources