Checker | Guideline |
---|---|
GUI Effect Checker | CON52-J. Document thread-safety and use annotations where applicable |
Initialization Checker | EXP01-J. Do not use a null in a case where an object is required |
Interning Checker | EXP50-J. Do not confuse abstract object equality with reference equality |
Interning Checker | MET56-J. Do not use Object.equals() to compare cryptographic keys |
Linear Checker | MSC07-J. Prevent multiple instantiations of singleton objects |
Lock Checker | LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code |
Lock Checker | LCK01-J. Do not synchronize on objects that may be reused |
Map Key Checker | EXP01-J. Do not use a null in a case where an object is required |
Nullness Checker | EXP01-J. Do not use a null in a case where an object is required |
Signature String Checker | OBJ09-J. Compare classes and not class names |
Tainting Checker | IDS00-J. Prevent SQL injection |
Tainting Checker | IDS01-J. Normalize strings before validating them |
Tainting Checker | IDS03-J. Do not log unsanitized user input |
Tainting Checker | IDS04-J. Safely extract files from ZipInputStream |
Tainting Checker | IDS06-J. Exclude unsanitized user input from format strings |
Tainting Checker | IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method |
Tainting Checker | IDS08-J. Sanitize untrusted data included in a regular expression |
Tainting Checker | IDS11-J. Perform any string modifications before validation |
Tainting Checker | IDS16-J. Prevent XML Injection |
Tainting Checker | IDS17-J. Prevent XML External Entity Attacks |
Tainting Checker | STR01-J. Do not assume that a Java char fully represents a Unicode code point |
Tainting Checker | STR02-J. Specify an appropriate locale when comparing locale-dependent data |
Tainting Checker | STR04-J. Use compatible character encodings when communicating string data between JVMs |
Tainting Checker | FIO16-J. Canonicalize path names before validating them |
Tainting Checker | IDS50-J. Use conservative file naming conventions |
Tainting Checker | IDS51-J. Properly encode or escape output |
Tainting Checker | IDS52-J. Prevent code injection |
Tainting Checker | IDS53-J. Prevent XPath Injection |
Tainting Checker | IDS54-J. Prevent LDAP injection |
Tainting Checker | IDS55-J. Understand how escape characters are interpreted when strings are loaded |
Tainting Checker | IDS56-J. Prevent arbitrary file upload |