|
Checker
|
Guideline
|
|---|
|
CMP.CLASS
|
OBJ09-J. Compare classes and not class names
|
|
CMP.OBJ
|
EXP03-J. Do not use the equality operators when comparing values of boxed primitives
|
|
EHC.EQ
|
MET09-J. Classes that define an equals() method must also define a hashCode() method
|
|
EHC.HASH
|
MET09-J. Classes that define an equals() method must also define a hashCode() method
|
|
EXC.BROADTHROWS
|
ERR07-J. Do not throw RuntimeException, Exception, or Throwable
|
|
FIN.EMPTY
|
MET12-J. Do not use finalizers
|
|
FIN.NOSUPER
|
MET12-J. Do not use finalizers
|
|
JAVA.SV.XML.INVALID
|
IDS16-J. Prevent XML Injection
|
|
JD.CATCH
|
ERR08-J. Do not catch NullPointerException or any of its ancestors
|
|
JD.EQ.ARR
|
EXP02-J. Do not use the Object.equals() method to compare two arrays
|
|
JD.FINRET
|
ERR04-J. Do not complete abruptly from a finally block
|
|
JD.LOCK.NOTIFY
|
LCK09-J. Do not perform operations that can block while holding a lock
|
|
JD.LOCK.SLEEP
|
LCK09-J. Do not perform operations that can block while holding a lock
|
|
JD.LOCK.WAIT
|
LCK09-J. Do not perform operations that can block while holding a lock
|
|
JD.SYNC.DCL
|
LCK10-J. Use a correct form of the double-checked locking idiom
|
|
JD.UMC.FINALIZE
|
MET12-J. Do not use finalizers
|
|
JD.UMC.RUNFIN
|
MET12-J. Do not use finalizers
|
|
JD.UNCAUGHT
|
ERR05-J. Do not let checked exceptions escape from a finally block
|
|
JD.UNMOD
|
DCL02-J. Do not modify the collection's elements during an enhanced for statement
|
|
NPE.COND
|
EXP01-J. Do not use a null in a case where an object is required
|
|
NPE.CONST
|
EXP01-J. Do not use a null in a case where an object is required
|
|
NPE.RET
|
EXP01-J. Do not use a null in a case where an object is required
|
|
NPE.RET.UTIL
|
EXP01-J. Do not use a null in a case where an object is required
|
|
NPE.STAT
|
EXP01-J. Do not use a null in a case where an object is required
|
|
REDUN.EQNULL
|
EXP01-J. Do not use a null in a case where an object is required
|
|
RI.IGNOREDCALL
|
EXP00-J. Do not ignore values returned by methods
|
|
RR.IGNORED
|
EXP00-J. Do not ignore values returned by methods
|
|
SV.DATA.DB
|
IDS00-J. Prevent SQL injection
|
|
SV.EXEC
|
IDS06-J. Exclude unsanitized user input from format strings
|
|
SV.EXEC
|
IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
|
|
SV.EXEC.DIR
|
IDS06-J. Exclude unsanitized user input from format strings
|
|
SV.EXEC.DIR
|
IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
|
|
SV.EXEC.ENV
|
IDS06-J. Exclude unsanitized user input from format strings
|
|
SV.EXEC.ENV
|
IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
|
|
SV.EXEC.LOCAL
|
IDS06-J. Exclude unsanitized user input from format strings
|
|
SV.EXEC.LOCAL
|
IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
|
|
SV.EXEC.PATH
|
IDS06-J. Exclude unsanitized user input from format strings
|
|
SV.EXEC.PATH
|
IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
|
|
SV.EXPOSE.FIELD
|
OBJ01-J. Limit accessibility of fields
|
|
SV.EXPOSE.FIELD
|
OBJ10-J. Do not use public static nonfinal fields
|
|
SV.EXPOSE.FIN
|
MET12-J. Do not use finalizers
|
|
SV.EXPOSE.IFIELD
|
OBJ01-J. Limit accessibility of fields
|
|
SV.EXPOSE.MUTABLEFIELD
|
OBJ01-J. Limit accessibility of fields
|
|
SV.EXPOSE.RET
|
OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
|
|
SV.EXPOSE.RET
|
OBJ05-J. Do not return references to private mutable class members
|
|
SV.EXPOSE.STORE
|
OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
|
|
SV.EXPOSE.STORE
|
OBJ05-J. Do not return references to private mutable class members
|
|
SV.HTTP_SPLIT
|
ERR03-J. Restore prior object state on method failure
|
|
SV.IL.DEV
|
ERR01-J. Do not allow exceptions to expose sensitive information
|
|
SV.INT_OVF
|
NUM00-J. Detect or prevent integer overflow
|
|
SV.SHARED.VAR
|
VNA00-J. Ensure visibility when accessing shared primitive variables
|
|
SV.SHARED.VAR
|
VNA01-J. Ensure visibility of shared references to immutable objects
|
|
SV.SHARED.VAR
|
VNA02-J. Ensure that compound operations on shared variables are atomic
|
|
SV.SHARED.VAR
|
LCK05-J. Synchronize access to static fields that can be modified by untrusted code
|
|
SV.SQL
|
IDS00-J. Prevent SQL injection
|
|
SV.SQL.DBSOURCE
|
IDS00-J. Prevent SQL injection
|
|
SV.SSRF.URI
|
ERR03-J. Restore prior object state on method failure
|
|
SV.STRUTS.PRIVATE
|
OBJ01-J. Limit accessibility of fields
|
|
SV.STRUTS.STATIC
|
OBJ01-J. Limit accessibility of fields
|
|
SV.STRUTS.STATIC
|
OBJ10-J. Do not use public static nonfinal fields
|
|
SV.TAINT
|
IDS01-J. Normalize strings before validating them
|
|
SV.TAINT_NATIVE
|
IDS01-J. Normalize strings before validating them
|
|
SV.UMC.EXIT
|
ERR09-J. Do not allow untrusted code to terminate the JVM
|
|
SV.XSS.DB
|
IDS01-J. Normalize strings before validating them
|
|
SV.XSS.REF
|
IDS01-J. Normalize strings before validating them
|
|
SV.XXE.DBF
|
IDS17-J. Prevent XML External Entity Attacks
|
|
SV.XXE.SF
|
IDS17-J. Prevent XML External Entity Attacks
|
|
SV.XXE.SPF
|
IDS17-J. Prevent XML External Entity Attacks
|
|
SV.XXE.TF
|
IDS17-J. Prevent XML External Entity Attacks
|
|
SV.XXE.XIF
|
IDS17-J. Prevent XML External Entity Attacks
|
|
SV.XXE.XRF
|
IDS17-J. Prevent XML External Entity Attacks
|
|
SVLOG_FORGING
|
IDS03-J. Do not log unsanitized user input
|
|
UMC.EXIT
|
ERR09-J. Do not allow untrusted code to terminate the JVM
|
