Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search
Log in
Confluence
Spaces
Hit enter to search
Help
Online Help
Keyboard Shortcuts
Feed Builder
What’s new
Available Gadgets
About Confluence
Log in
SEI CERT Oracle Coding Standard for Java
Pages
Boards
Space shortcuts
Dashboard
Secure Coding Home
Android
C
C++
Java
Perl
Page tree
Browse pages
Configure
Space tools
View Page
A
t
tachments (0)
Page History
Page Information
View in Hierarchy
View Source
Export to PDF
Export to Word
Pages
…
SEI CERT Oracle Coding Standard for Java
4 Back Matter
Rule or Rec. CC. Analyzers
The Checker Framework_V
Page Information
Title:
The Checker Framework_V
Author:
David Svoboda
Oct 05, 2016
Last Changed by:
David Svoboda
Oct 05, 2016
Tiny Link:
(useful for email)
https://wiki.sei.cmu.edu/confluence/x/3zdGBQ
Export As:
Word
·
PDF
Incoming Links
SEI CERT Oracle Coding Standard for Java (31)
Page:
STR02-J. Specify an appropriate locale when comparing locale-dependent data
Page:
The Checker Framework
Page:
IDS14-J. Do not trust the contents of hidden form fields
Page:
IDS16-J. Prevent XML Injection
Page:
IDS04-J. Safely extract files from ZipInputStream
Page:
IDS06-J. Exclude unsanitized user input from format strings
Page:
IDS17-J. Prevent XML External Entity Attacks
Page:
IDS51-J. Properly encode or escape output
Page:
IDS52-J. Prevent code injection
Page:
EXP50-J. Do not confuse abstract object equality with reference equality
Page:
IDS50-J. Use conservative file naming conventions
Page:
IDS55-J. Understand how escape characters are interpreted when strings are loaded
Page:
FIO16-J. Canonicalize path names before validating them
Page:
LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code
Page:
LCK01-J. Do not synchronize on objects that may be reused
Page:
IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
Page:
IDS01-J. Normalize strings before validating them
Page:
IDS11-J. Perform any string modifications before validation
Page:
MET56-J. Do not use Object.equals() to compare cryptographic keys
Page:
IDS08-J. Sanitize untrusted data included in a regular expression
Page:
IDS03-J. Do not log unsanitized user input
Page:
STR01-J. Do not assume that a Java char fully represents a Unicode code point
Page:
IDS15-J. Do not allow sensitive information to leak outside a trust boundary
Page:
EXP01-J. Do not use a null in a case where an object is required
Page:
IDS00-J. Prevent SQL injection
Page:
IDS53-J. Prevent XPath Injection
Page:
OBJ09-J. Compare classes and not class names
Page:
IDS56-J. Prevent arbitrary file upload
Page:
IDS54-J. Prevent LDAP injection
Page:
STR04-J. Use compatible character encodings when communicating string data between JVMs
Page:
MSC07-J. Prevent multiple instantiations of singleton objects
Hierarchy
Parent Page
Page:
Rule or Rec. CC. Analyzers
Labels
There are no labels assigned to this page.
Recent Changes
Time
Editor
Oct 05, 2016 15:51
David Svoboda
View Page History
Overview
Content Tools
{"serverDuration": 100, "requestCorrelationId": "3283e4b271b54144"}
