Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search
Log in
Confluence
Spaces
Hit enter to search
Help
Online Help
Keyboard Shortcuts
Feed Builder
What’s new
Available Gadgets
About Confluence
Log in
SEI CERT Oracle Coding Standard for Java
Pages
Boards
Space shortcuts
Dashboard
Secure Coding Home
Android
C
C++
Java
Perl
Page tree
Browse pages
Configure
Space tools
View Page
A
t
tachments (4)
Page History
Page Information
View in Hierarchy
View Source
Export to PDF
Export to Word
Pages
…
SEI CERT Oracle Coding Standard for Java
2 Rules
Rule 00. Input Validation and Data Sanitization (IDS)
Page Information
Title:
Rule 00. Input Validation and Data Sanitization (IDS)
Author:
Dhruv Mohindra
Oct 14, 2009
Last Changed by:
David Svoboda
May 01, 2023
Tiny Link:
(useful for email)
https://wiki.sei.cmu.edu/confluence/x/uTdGBQ
Export As:
Word
·
PDF
Incoming Links
SEI CERT Oracle Coding Standard for Java (8)
Page:
IDS04-J. Safely extract files from ZipInputStream
Page:
IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
Page:
IDS03-J. Do not log unsanitized user input
Page:
IDS01-J. Normalize strings before validating them
Page:
IDS16-J. Prevent XML Injection
Page:
IDS00-J. Prevent SQL injection
Page:
IDS17-J. Prevent XML External Entity Attacks
Page:
IDS11-J. Perform any string modifications before validation
Hierarchy
Parent Page
Page:
2 Rules
Children (17)
Page:
IDS00-J. Prevent SQL injection
Page:
IDS01-J. Normalize strings before validating them
Page:
IDS02-J. Canonicalize path names before validating them
Page:
IDS03-J. Do not log unsanitized user input
Page:
IDS04-J. Safely extract files from ZipInputStream
Page:
IDS05-J. Use a safe subset of ASCII for file and path names
Page:
IDS06-J. Exclude unsanitized user input from format strings
Page:
IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
Page:
IDS08-J. Sanitize untrusted data included in a regular expression
Page:
IDS09-J. Specify an appropriate locale when comparing locale-dependent data
Show all...
Page:
IDS10-J. Don't form strings containing partial characters
Page:
IDS11-J. Perform any string modifications before validation
Page:
IDS13-J. Use compatible character encodings on both sides of file or network IO
Page:
IDS14-J. Do not trust the contents of hidden form fields
Page:
IDS15-J. Do not allow sensitive information to leak outside a trust boundary
Page:
IDS16-J. Prevent XML Injection
Page:
IDS17-J. Prevent XML External Entity Attacks
Hide...
Labels
Global Labels (3)
ids
rule-list
section
Recent Changes
Time
Editor
May 01, 2023 11:15
David Svoboda
View Changes
May 01, 2023 08:43
David Svoboda
View Changes
Mar 15, 2022 09:46
David Svoboda
View Changes
Mar 11, 2020 12:59
David Svoboda
View Changes
Mar 11, 2020 12:55
David Svoboda
View Page History
Outgoing Links
External Links (2)
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
SEI CERT Oracle Coding Standard for Java (1)
Home page:
SEI CERT Oracle Coding Standard for Java
Overview
Content Tools
{"serverDuration": 112, "requestCorrelationId": "f918498d7f45bd5b"}