SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 120

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 121

changes.mady.by.user Michal Rozenau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft Jtest 2020.2

...

Historically, using a narrow type to capture the return value of a byte input method has resulted in significant vulnerabilities, including command injection attacks; see CA-1996-22 advisory. Consequently, the severity of this error is high.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

FIO08-J

High

Probable

Medium

P12

L1

Automated Detection

Some static analysis tools can detect violations of this rule.

ToolVersionCheckerDescription
Parasoft Jtest
Include Page
java:
Parasoft_V
java:
Parasoft_V
PB.LOGIC.CRRV
Implemented
Check the return value of methods which read or skip input

Related Guidelines

SEI CERT C Coding Standard

FIO34-C. Distinguish between characters read from a file and EOF or WEOF

SEI CERT C++ Coding Standard

FIO34-CPP. Use int to capture the return value of character IO functions
FIO35-CPP. Use feof() and ferror() to detect end-of-file and file errors when sizeof(int) == sizeof(char) 

Bibliography

[API 2014]

Class InputStream

[JLS 2005]

§4.2 "Primitive Types and Values"

[Pugh 2008]

"Waiting for the End"

...


...