Recommendations

FIO00-J. Reserved (moved to SER)

FIO01-J. Canonicalize path names originating from untrusted sources

FIO02-J. Use Runtime.exec() correctly

FIO03-J. Keep track of bytes read and account for character encoding while reading data

FIO04-J. Reserved

FIO05-J. Document character encoding while performing file or network IO

FIO06-J. Reserved (moved to FIO rules)

FIO07-J. Do not assume infinite heap space

Rules

FIO30-J. Do not log sensitive information

FIO31-J. Create a copy of mutable inputs

FIO32-J. Reserved (moved to SER)

FIO33-J. Reserved (moved to SER)

FIO34-J. Ensure all resources are properly closed when they are no longer needed

FIO35-J. Exclude user input from format strings

FIO36-J. Reserved (moved to MSC31-J)

FIO37-J. Create and delete temporary files safely

FIO38-J. Validate user input

Risk Assessment Summary

Recommendations

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

FIO00-J

TODO

TODO

TODO

TODO

TODO

FIO01-J

medium

unlikely

medium

P4

L3

FIO02-J

medium

unlikely

medium

P4

L3

FIO03-J

low

unlikely

medium

P2

L3

FIO04-J

TODO

TODO

TODO

TODO

TODO

FIO05-J

TODO

TODO

TODO

TODO

TODO

FIO06-J

TODO

TODO

TODO

TODO

TODO

FIO07-J

medium

probable

high

P4

L3

Rules

Rules

Severity

Likelihood

Remediation Cost

Priority

Level

FIO30-J

TODO

TODO

TODO

TODO

TODO

FIO31-J

TODO

TODO

TODO

TODO

TODO

FIO32-J

TODO

TODO

TODO

TODO

TODO

FIO33-J

TODO

TODO

TODO

TODO

TODO

FIO34-J

low

probable

medium

P4

L3

FIO35-J

medium

unlikely

medium

P4

L3

FIO36-J

high

probable

medium

P12

L1

FIO37-J

medium

probable

high

P4

L3

FIO38-J

medium

probable

high

P4

L3


OBJ35-J. Use checked collections against external code      The CERT Sun Microsystems Secure Coding Standard for Java      SER31-J. Validate deserialized objects