Page Information

Title:	SER06-J. Make defensive copies of private mutable components during deserialization
Author:	Dhruv Mohindra	Mar 02, 2009
Last Changed by:	Jon O'Donnell	Aug 06, 2021
Tiny Link: (useful for email)	https://wiki.sei.cmu.edu/confluence/x/bjdGBQ
Export As:	Word · PDF

Incoming Links

SEI CERT Oracle Coding Standard for Java (2)
Page: MET00-J. Validate method arguments
Page: SER05-J. Do not serialize instances of inner classes

Hierarchy

Parent Page
Page: Rule 14. Serialization (SER)

Labels

Global Labels (5)

Recent Changes

Time	Editor
Aug 06, 2021 09:30	Jon O'Donnell	View Changes
Nov 16, 2017 14:43	Will Snavely	View Changes
Jan 05, 2017 14:54	Will Snavely	View Changes
Jun 26, 2015 11:18	Carol J. Lallier	View Changes
Apr 07, 2015 12:00	Will Snavely

View Page History

Outgoing Links

External Links (5)

https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…

cwe.mitre.org/

https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…

cwe.mitre.org/data/definitions/502.html

SEI CERT C Coding Standard (1) Page: CodeSonar

SEI CERT Oracle Coding Standard for Java (7) Page: CodeSonar_V
Page: Coverity
Page: Rule AA. References
Page: OBJ06-J. Defensively copy mutable inputs and mutable internal components
Home page: SEI CERT Oracle Coding Standard for Java
Page: Rule BB. Glossary
Page: SER03-J. Do not serialize unencrypted sensitive data

Space shortcuts

Page tree