SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

This page was automatically generated and should not be edited.

The information on this page was provided by outside contributors and has not been verified by SEI CERT.

The table below can be re-ordered, by clicking column headers.

Tool Version: v 7/5.0

Checker

Guideline

ATOMICITY VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
BAD_EQ EXP02-J. Do not use the Object.equals() method to compare two arrays
BAD_EQ EXP03-J. Do not use the equality operators when comparing values of boxed primitives
BAD_EQ FIO16-J. Canonicalize path names before validating them
BAD_SHIFT NUM00-J. Detect or prevent integer overflow
CALL_SUPER MET12-J. Do not use finalizers
CHECKED_RETURN EXP00-J. Do not ignore values returned by methods
CHECKED_RETURN FIO09-J. Do not rely on the write() method to output integers outside the range 0 to 255
CONFIG MSC03-J. Never hard code sensitive information
DC.CODING_STYLE ERR09-J. Do not allow untrusted code to terminate the JVM
DC.THREADING MET12-J. Do not use finalizers
DC.THREADING.thread_run THI00-J. Do not invoke Thread.run()
DIVIDE_BY_ZERO NUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors
DOUBLE_CHECK_LOCK LCK10-J. Use a correct form of the double-checked locking idiom
FB.BC_NULL_INSTANCEOF EXP01-J. Do not use a null in a case where an object is required
FB.DC_DOUBLECHECK LCK10-J. Use a correct form of the double-checked locking idiom
FB.DM_EXIT ERR09-J. Do not allow untrusted code to terminate the JVM
FB.DMI_CONSTANT_DB_ PASSWORD MSC03-J. Never hard code sensitive information
FB.DMI_EMPTY_DB_PASSWORD MSC03-J. Never hard code sensitive information
FB.EI_EXPOSE_REP OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
FB.EI_EXPOSE_REP2 OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
FB.EQ_ABSTRACT_SELF EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_ABSTRACT_SELF EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_ALWAYS_FALSE EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_ALWAYS_FALSE EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_ALWAYS_TRUE EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_ALWAYS_TRUE EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_CHECK_FOR_OPERAND_NOT_ COMPATIBLE_WITH_THIS EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_CHECK_FOR_OPERAND_NOT_ COMPATIBLE_WITH_THIS EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_COMPARETO_USE_OBJECT_ EQUALS EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_COMPARETO_USE_OBJECT_ EQUALS EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_COMPARING_CLASS_NAMES EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_COMPARING_CLASS_NAMES EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_DOESNT_OVERRIDE_EQUALS EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_DOESNT_OVERRIDE_EQUALS EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_DONT_DEFINE_EQUALS_ FOR_ENUM EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_DONT_DEFINE_EQUALS_ FOR_ENUM EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_GETCLASS_AND_CLASS_ CONSTANT EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_GETCLASS_AND_CLASS_ CONSTANT EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_OTHER_NO_OBJECT EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_OTHER_NO_OBJECT EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_OTHER_USE_OBJECT EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_OTHER_USE_OBJECT EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_OVERRIDING_EQUALS_ NOT_SYMMETRIC EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_OVERRIDING_EQUALS_ NOT_SYMMETRIC EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_SELF_NO_OBJECT EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_SELF_NO_OBJECT EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_SELF_USE_OBJECT EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_SELF_USE_OBJECT EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_UNUSUAL EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_UNUSUAL EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.ES_COMPARING_PARAMETER_ STRING_WITH_EQ EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.ES_COMPARING_PARAMETER_ STRING_WITH_EQ EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.ES_COMPARING_STRINGS_ WITH_EQ EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.FI_EMPTY MET12-J. Do not use finalizers
FB.FI_EXPLICIT_INVOCATION MET12-J. Do not use finalizers
FB.FI_FINALIZER_NULLS_FIELDS MET12-J. Do not use finalizers
FB.FI_FINALIZER_ONLY_NULLS_FIELDS MET12-J. Do not use finalizers
FB.FI_MISSING_SUPER_CALL MET12-J. Do not use finalizers
FB.FI_NULLIFY_SUPER MET12-J. Do not use finalizers
FB.FI_PUBLIC_SHOULD_BE_ PROTECTED MET12-J. Do not use finalizers
FB.FI_USELESS MET12-J. Do not use finalizers
FB.IS2_INCONSISTENT_SYNC VNA02-J. Ensure that compound operations on shared variables are atomic
FB.IS2_INCONSISTENT_SYNC VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
FB.IS_FIELD_NOT_GUARDED VNA02-J. Ensure that compound operations on shared variables are atomic
FB.IS_FIELD_NOT_GUARDED VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
FB.IS_INCONSISTENT_SYNC VNA02-J. Ensure that compound operations on shared variables are atomic
FB.IS_INCONSISTENT_SYNC VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
FB.LI_LAZY_INIT_STATIC MSC07-J. Prevent multiple instantiations of singleton objects
FB.LI_LAZY_INIT_UPDATE_STATIC MSC07-J. Prevent multiple instantiations of singleton objects
FB.MS_SHOULD_BE_FINAL OBJ10-J. Do not use public static nonfinal fields
FB.NP_ALWAYS_NULL EXP01-J. Do not use a null in a case where an object is required
FB.NP_ALWAYS_NULL_EXCEPTION EXP01-J. Do not use a null in a case where an object is required
FB.NP_ARGUMENT_MIGHT_BE_NULL EXP01-J. Do not use a null in a case where an object is required
FB.NP_BOOLEAN_RETURN_NULL EXP01-J. Do not use a null in a case where an object is required
FB.NP_CLONE_COULD_RETURN_NULL EXP01-J. Do not use a null in a case where an object is required
FB.NP_CLOSING_NULL EXP01-J. Do not use a null in a case where an object is required
FB.NP_DEREFERENCE_OF_ READLINE_VALUE EXP01-J. Do not use a null in a case where an object is required
FB.NP_DOES_NOT_HANDLE_NULL EXP01-J. Do not use a null in a case where an object is required
FB.NP_EQUALS_SHOULD_HANDLE_ NULL_ARGUMENT EXP01-J. Do not use a null in a case where an object is required
FB.NP_FIELD_NOT_INITIALIZED_ IN_CONSTRUCTOR EXP01-J. Do not use a null in a case where an object is required
FB.NP_GUARANTEED_DEREF EXP01-J. Do not use a null in a case where an object is required
FB.NP_GUARANTEED_DEREF_ON_ EXCEPTION_PATH EXP01-J. Do not use a null in a case where an object is required
FB.NP_IMMEDIATE_DEREFERENCE_ OF_READLINE EXP01-J. Do not use a null in a case where an object is required
FB.NP_LOAD_OF_KNOWN_NULL_ VALUE EXP01-J. Do not use a null in a case where an object is required
FB.NP_NONNULL_FIELD_NOT_ INITIALIZED_IN_CONSTRUCTOR EXP01-J. Do not use a null in a case where an object is required
FB.NP_NONNULL_PARAM_VIOLATION EXP01-J. Do not use a null in a case where an object is required
FB.NP_NONNULL_RETURN_VIOLATION EXP01-J. Do not use a null in a case where an object is required
FB.NP_NULL_INSTANCEOF EXP01-J. Do not use a null in a case where an object is required
FB.NP_NULL_ON_SOME_PATH EXP01-J. Do not use a null in a case where an object is required
FB.NP_NULL_ON_SOME_PATH_ EXCEPTION EXP01-J. Do not use a null in a case where an object is required
FB.NP_NULL_ON_SOME_PATH_ FROM_RETURN_VALUE EXP01-J. Do not use a null in a case where an object is required
FB.NP_NULL_ON_SOME_PATH_ MIGHT_BE_INFEASIBLE EXP01-J. Do not use a null in a case where an object is required
FB.NP_NULL_PARAM_DEREF EXP01-J. Do not use a null in a case where an object is required
FB.NP_NULL_PARAM_DEREF_ NONVIRTUAL EXP01-J. Do not use a null in a case where an object is required
FB.NP_NULL_PARAM_DEREF_ALL_ TARGETS_DANGEROUS EXP01-J. Do not use a null in a case where an object is required
FB.NP_PARAMETER_MUST_BE_NON - NULL_BUT_MARKED_AS_NULLABLE EXP01-J. Do not use a null in a case where an object is required
FB.NP_STORE_INTO_NONNULL_FIELD EXP01-J. Do not use a null in a case where an object is required
FB.NP_TOSTRING_COULD_ RETURN_NULL EXP01-J. Do not use a null in a case where an object is required
FB.NP_UNWRITTEN_FIELD EXP01-J. Do not use a null in a case where an object is required
FB.NP_UNWRITTEN_PUBLIC_OR_ PROTECTED_FIELD EXP01-J. Do not use a null in a case where an object is required
FB.RCN_REDUNDANT_COMPARISON_ OF_NULL_AND_NONNULL_VALUE EXP01-J. Do not use a null in a case where an object is required
FB.RCN_REDUNDANT_COMPARISON_ TWO_NULL_VALUES EXP01-J. Do not use a null in a case where an object is required
FB.RCN_REDUNDANT_NULLCHECK_ OF_NONNULL_VALUE EXP01-J. Do not use a null in a case where an object is required
FB.RCN_REDUNDANT_NULLCHECK_ OF_NULL_VALUE EXP01-J. Do not use a null in a case where an object is required
FB.RCN_REDUNDANT_NULLCHECK_ WOULD_HAVE_BEEN_A_NPE EXP01-J. Do not use a null in a case where an object is required
FB.RU_INVOKE_RUN MET10-J. Follow the general contract when implementing the compareTo() method
FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE IDS00-J. Prevent SQL injection
FB.SQL_PREPARED_STATEMENT_GENERATED_ IDS00-J. Prevent SQL injection
FB.STCAL_INVOKE_ON_STATIC_ CALENDAR_INSTANCE VNA02-J. Ensure that compound operations on shared variables are atomic
FB.STCAL_INVOKE_ON_STATIC_ CALENDAR_INSTANCE VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
FB.STCAL_INVOKE_ON_STATIC_ DATE_FORMAT_INSTANCE VNA02-J. Ensure that compound operations on shared variables are atomic
FB.STCAL_INVOKE_ON_STATIC_ DATE_FORMAT_INSTANCE VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
FB.STCAL_STATIC_CALENDAR_ INSTANCE VNA02-J. Ensure that compound operations on shared variables are atomic
FB.STCAL_STATIC_CALENDAR_ INSTANCE VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
FB.STCAL_STATIC_SIMPLE_DATE_ FORMAT_INSTANCE VNA02-J. Ensure that compound operations on shared variables are atomic
FB.STCAL_STATIC_SIMPLE_DATE_ FORMAT_INSTANCE VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
FORWARD_NULL EXP01-J. Do not use a null in a case where an object is required
GUARDED_BY_VIOLATION VNA02-J. Ensure that compound operations on shared variables are atomic
GUARDED_BY_VIOLATION VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
HARDCODED_CREDENTIALS MSC03-J. Never hard code sensitive information
INDIRECT_GUARDED_BY_VIOLATION VNA02-J. Ensure that compound operations on shared variables are atomic
INDIRECT_GUARDED_BY_VIOLATION VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
ITERATOR FIO04-J. Release resources when they are no longer needed
JDBC_CONNECTION FIO04-J. Release resources when they are no longer needed
LOCK_INVERSION LCK07-J. Avoid deadlock by requesting and releasing locks in the same order
LOCK_ORDERING LCK07-J. Avoid deadlock by requesting and releasing locks in the same order
MISSING_THROW ERR00-J. Do not suppress or ignore checked exceptions
NON_STATIC_GUARDING_STATIC VNA02-J. Ensure that compound operations on shared variables are atomic
NON_STATIC_GUARDING_STATIC VNA02-J. Ensure that compound operations on shared variables are atomic
NON_STATIC_GUARDING_STATIC VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
NON_STATIC_GUARDING_STATIC VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
NULL_RETURNS EXP01-J. Do not use a null in a case where an object is required
OS_CMD_INJECTION IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
OVERFLOW_BEFORE_WIDEN NUM00-J. Detect or prevent integer overflow
PATH_MANIPULATION FIO16-J. Canonicalize path names before validating them
PW.ABNORMAL_TERMINATION_ OF_FINALLY_BLOCK ERR04-J. Do not complete abruptly from a finally block
PW.ABNORMAL_TERMINATION_ OF_FINALLY_BLOCK ERR05-J. Do not let checked exceptions escape from a finally block
RESOURCE_LEAK FIO04-J. Release resources when they are no longer needed
REVERSE_INULL EXP01-J. Do not use a null in a case where an object is required
RISKY_CRYPTO MSC02-J. Generate strong random numbers
SERVLET_ATOMICITY VNA00-J. Ensure visibility when accessing shared primitive variables
SERVLET_ATOMICITY VNA02-J. Ensure that compound operations on shared variables are atomic
SINGLETON_RACE MSC07-J. Prevent multiple instantiations of singleton objects
SQLI IDS00-J. Prevent SQL injection
UNSAFE_DESERIALIZATION SER01-J. Do not deviate from the proper signatures of serialization methods
UNSAFE_DESERIALIZATION SER03-J. Do not serialize unencrypted sensitive data
UNSAFE_DESERIALIZATION SER06-J. Make defensive copies of private mutable components during deserialization
UNSAFE_DESERIALIZATION SER07-J. Do not use the default serialized form for classes with implementation-defined invariants
UNSAFE_LAZY_INIT MSC07-J. Prevent multiple instantiations of singleton objects
UNSAFE_REFLECTION SEC02-J. Do not base security checks on untrusted sources