
This page was automatically generated and should not be edited.

The information on this page was provided by outside contributors and has not been verified by SEI CERT.

Tool Version: 10.3

Checker Guideline

BD-SECURITY-TDLOG IDS03-J. Do not log unsanitized user input
BD-SECURITY-TDSQL IDS00-J. Prevent SQL injection
BD.CO.ITMOD DCL02-J. Do not modify the collection's elements during an enhanced for statement
BD.CO.ITMOD MSC06-J. Do not modify the underlying collection when an iteration is in progress
BD.EXCEPT.NP EXP01-J. Do not use a null in a case where an object is required
BD.PB.ZERO NUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors
BD.RES.LEAKS FIO04-J. Release resources when they are no longer needed
BD.RES.LEAKS MSC04-J. Do not leak memory
BD.SECURITY.SENS FIO13-J. Do not log sensitive information outside a trust boundary
BD.SECURITY.TDRFL SEC02-J. Do not base security checks on untrusted sources
BD.SECURITY.TDXML IDS16-J. Prevent XML Injection
BD.TRS.LOCK LCK08-J. Ensure actively held locks are released on exceptional conditions
BD.TRS.TSHL LCK09-J. Do not perform operations that can block while holding a lock
CODSTA.BP.ARM SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields
CODSTA.BP.EXIT ERR09-J. Do not allow untrusted code to terminate the JVM
CODSTA.EPC.AGBPT OBJ03-J. Prevent heap pollution
CODSTA.OIM.OVERRIDE MET09-J. Classes that define an equals() method must also define a hashCode() method
CODSTD.BP.NTX ERR07-J. Do not throw RuntimeException, Exception, or Throwable
EJB.MNDF MET12-J. Do not use finalizers
EXCEPT.ENFC OBJ11-J. Be wary of letting constructors throw exceptions
EXCEPT.NCNPE ERR08-J. Do not catch NullPointerException or any of its ancestors
EXCEPT.NTERR ERR07-J. Do not throw RuntimeException, Exception, or Throwable
GC.FCF MET12-J. Do not use finalizers
GC.FM MET12-J. Do not use finalizers
GC.IFF MET12-J. Do not use finalizers
GC.NCF MET12-J. Do not use finalizers
GLOBAL.ACD DCL00-J. Prevent class initialization cycles
HIBERNATE.LHII FIO13-J. Do not log sensitive information outside a trust boundary
INTER.COS STR00-J. Don't form strings containing partial characters from variable-width encodings
INTER.{CCL,CTLC} STR02-J. Specify an appropriate locale when comparing locale-dependent data
OOP.AHSM MET07-J. Never declare a class method that hides a method declared in a superclass or superinterface
OOP.MUCOP OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
OOP.MUCOP OBJ05-J. Do not return references to private mutable class members
OOP.MUCOP OBJ06-J. Defensively copy mutable inputs and mutable internal components
OOP.OPM MET04-J. Do not increase the accessibility of overridden or hidden methods
OPT.CCR FIO04-J. Release resources when they are no longer needed
OPT.CCR FIO14-J. Perform proper cleanup at program termination
OPT.CIO FIO04-J. Release resources when they are no longer needed
OPT.CIO FIO14-J. Perform proper cleanup at program termination
OPT.CRWD FIO14-J. Perform proper cleanup at program termination
PB-NUM-FPLI NUM09-J. Do not use floating-point variables as loop counters
PB-RE-NMCD EXP01-J. Do not use a null in a case where an object is required
PB.API.DPRAPI MET02-J. Do not use deprecated or obsolete classes or methods
PB.API.OF MET12-J. Do not use finalizers
PB.API.VAFS IDS06-J. Exclude unsanitized user input from format strings
PB.CUB.ARCF ERR04-J. Do not complete abruptly from a finally block
PB.CUB.ARCF ERR05-J. Do not let checked exceptions escape from a finally block
PB.CUB.ATSF ERR04-J. Do not complete abruptly from a finally block
PB.CUB.ATSF ERR05-J. Do not let checked exceptions escape from a finally block
PB.CUB.UEIC EXP02-J. Do not use the Object.equals() method to compare two arrays
PB.CUB.UEIC EXP03-J. Do not use the equality operators when comparing values of boxed primitives
PB.LOGIC.CRRV FIO08-J. Distinguish between characters or bytes read from a stream and -1
PB.NUM.AIC NUM13-J. Avoid loss of precision when converting primitive integers to floating-point
PB.NUM.BBDCC NUM10-J. Do not construct BigDecimal objects from floating-point literals
PB.NUM.CLP NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
PB.NUM.NAN NUM07-J. Do not attempt comparisons with NaN
PB.NUM.UBD NUM04-J. Do not use floating-point numbers if precise computation is required
PB.NUM.{ICO,BSA,CACO} NUM00-J. Detect or prevent integer overflow
PB.TYPO.EB MSC01-J. Do not use an empty infinite loop
PB.USC.NASSIG EXP00-J. Do not ignore values returned by methods
PORT.ENV ENV02-J. Do not trust the values of environment variables
PORT.EXEC IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
PORT.EXEC FIO07-J. Do not let external processes block on IO buffers
SECURITY.EAB.CMP OBJ09-J. Compare classes and not class names
SECURITY.EAB.CPCL OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY.EAB.CPCL OBJ05-J. Do not return references to private mutable class members
SECURITY.EAB.CPCL OBJ06-J. Defensively copy mutable inputs and mutable internal components
SECURITY.EAB.JVM ERR09-J. Do not allow untrusted code to terminate the JVM
SECURITY.EAB.MPT OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY.EAB.MPT OBJ05-J. Do not return references to private mutable class members
SECURITY.EAB.MPT OBJ06-J. Defensively copy mutable inputs and mutable internal components
SECURITY.EAB.SMO OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY.EAB.SMO OBJ05-J. Do not return references to private mutable class members
SECURITY.EAB.SMO OBJ06-J. Defensively copy mutable inputs and mutable internal components
SECURITY.EAB.SPFF OBJ10-J. Do not use public static nonfinal fields
SECURITY.ESD.ACW ERR01-J. Do not allow exceptions to expose sensitive information
SECURITY.ESD.CONSEN FIO13-J. Do not log sensitive information outside a trust boundary
SECURITY.ESD.PEO FIO13-J. Do not log sensitive information outside a trust boundary
SECURITY.ESD.SIF SER03-J. Do not serialize unencrypted sensitive data
SECURITY.IBA.ATF FIO03-J. Remove temporary files before termination
SECURITY.IBA.NATIW JNI00-J. Define wrappers around native methods
SECURITY.IBA.VPPD IDS17-J. Prevent XML External Entity Attacks
SECURITY.UEHL.LGE ERR00-J. Do not suppress or ignore checked exceptions
SECURITY.WSC.ACPST ERR01-J. Do not allow exceptions to expose sensitive information
SECURITY.WSC.AHCA MSC03-J. Never hard code sensitive information
SECURITY.WSC.CLONE OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY.WSC.HCCK MSC03-J. Never hard code sensitive information
SECURITY.WSC.HCCS MSC03-J. Never hard code sensitive information
SECURITY.WSC.MCNC OBJ07-J. Sensitive classes must not let themselves be copied
SECURITY.WSC.SCF SEC04-J. Protect sensitive operations with security manager checks
SECURITY.WSC.SCSER SER04-J. Do not allow serialization and deserialization to bypass the security manager
SECURITY.WSC.SRD MSC02-J. Generate strong random numbers
SECURITY.WSC.USC MSC00-J. Use SSLSocket rather than Socket for secure data exchange
SERIAL.IRX SER11-J. Prevent overwriting of externalizable objects
SERIAL.ROWO SER01-J. Do not deviate from the proper signatures of serialization methods
SERIAL.RRSC SER07-J. Do not use the default serialized form for classes with implementation-defined invariants
SERVLET.CETS ERR01-J. Do not allow exceptions to expose sensitive information
TRS.ANF THI02-J. Notify all waiting threads rather than a single thread
TRS.AUTG THI01-J. Do not invoke ThreadGroup methods
TRS.CSTART TSM02-J. Do not use background threads during class initialization
TRS.CTRE TSM01-J. Do not let the this reference escape during object construction
TRS.DCL LCK10-J. Use a correct form of the double-checked locking idiom
TRS.IASF LCK05-J. Synchronize access to static fields that can be modified by untrusted code
TRS.IRUN THI00-J. Do not invoke Thread.run()
TRS.LORD VNA00-J. Ensure visibility when accessing shared primitive variables
TRS.LORD LCK07-J. Avoid deadlock by requesting and releasing locks in the same order
TRS.MRAV VNA00-J. Ensure visibility when accessing shared primitive variables
TRS.MRAV VNA02-J. Ensure that compound operations on shared variables are atomic
TRS.MRAV VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
TRS.RLF LCK08-J. Ensure actively held locks are released on exceptional conditions
TRS.SCS LCK01-J. Do not synchronize on objects that may be reused
TRS.SOPF LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code
TRS.SSUG VNA02-J. Ensure that compound operations on shared variables are atomic
TRS.SSUG VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
TRS.THRD MET02-J. Do not use deprecated or obsolete classes or methods
TRS.THRD THI05-J. Do not use Thread.stop() to terminate threads
TRS.TSHL LCK09-J. Do not perform operations that can block while holding a lock
TRS.UWIL THI03-J. Always invoke wait() and await() methods inside a loop
UC.EF MET12-J. Do not use finalizers
UC.FCSF MET12-J. Do not use finalizers
UC.UCATCH ERR00-J. Do not suppress or ignore checked exceptions