Checker | Guideline
---|---
BD-SECURITY-TDLOG | IDS03-J. Do not log unsanitized user input |
BD-SECURITY-TDSQL | IDS00-J. Prevent SQL injection |
BD.API.ARGWRITE | FIO09-J. Do not rely on the write() method to output integers outside the range 0 to 255 |
BD.API.EQREFL | MET08-J. Preserve the equality contract when overriding the equals() method |
BD.CO.ITMOD | DCL02-J. Do not modify the collection's elements during an enhanced for statement |
BD.CO.ITMOD | MSC06-J. Do not modify the underlying collection when an iteration is in progress |
BD.EXCEPT.NP | EXP01-J. Do not use a null in a case where an object is required |
BD.PB.MULBUF | FIO06-J. Do not create multiple buffered wrappers on a single byte or character stream |
BD.PB.REVOBJ | ERR03-J. Restore prior object state on method failure |
BD.PB.VREADOBJ | SER09-J. Do not invoke overridable methods from the readObject() method |
BD.PB.ZERO | NUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors |
BD.RES.LEAKS | FIO04-J. Release resources when they are no longer needed |
BD.RES.LEAKS | MSC04-J. Do not leak memory |
BD.SECURITY.BUFEXP | FIO05-J. Do not expose buffers or their backing arrays methods to untrusted code |
BD.SECURITY.FPEXC | NUM08-J. Check floating-point inputs for exceptional values |
BD.SECURITY.PRIVIL | SEC01-J. Do not allow tainted variables in privileged blocks |
BD.SECURITY.REMTMP | FIO03-J. Remove temporary files before termination |
BD.SECURITY.SENS | FIO13-J. Do not log sensitive information outside a trust boundary |
BD.SECURITY.TDRFL | SEC02-J. Do not base security checks on untrusted sources |
BD.SECURITY.TDXML | IDS16-J. Prevent XML Injection |
BD.SECURITY.VPPD | IDS11-J. Perform any string modifications before validation |
BD.TRS.INSTLOCK | LCK06-J. Do not use an instance lock to protect shared static data |
BD.TRS.LOCK | LCK08-J. Ensure actively held locks are released on exceptional conditions |
BD.TRS.TSHL | LCK09-J. Do not perform operations that can block while holding a lock |
CODSTA.BP.ARM | SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields |
CODSTA.BP.EXIT | ERR09-J. Do not allow untrusted code to terminate the JVM |
CODSTA.EPC.AGBPT | OBJ03-J. Prevent heap pollution |
CODSTA.OIM.OVERRIDE | MET09-J. Classes that define an equals() method must also define a hashCode() method |
CODSTA.READ.CID | EXP05-J. Do not follow a write by a subsequent write or read of the same object within an expression |
CODSTD.BP.NTX | ERR07-J. Do not throw RuntimeException, Exception, or Throwable |
EJB.MNDF | MET12-J. Do not use finalizers |
EXCEPT.ENFC | OBJ11-J. Be wary of letting constructors throw exceptions
EXCEPT.EPNFC | OBJ11-J. Be wary of letting constructors throw exceptions
EXCEPT.NCNPE | ERR08-J. Do not catch NullPointerException or any of its ancestors |
EXCEPT.NTERR | ERR07-J. Do not throw RuntimeException, Exception, or Throwable |
GC.FCF | MET12-J. Do not use finalizers |
GC.FM | MET12-J. Do not use finalizers |
GC.IFF | MET12-J. Do not use finalizers |
GC.NCF | MET12-J. Do not use finalizers |
GLOBAL.ACD | DCL00-J. Prevent class initialization cycles |
HIBERNATE.LHII | FIO13-J. Do not log sensitive information outside a trust boundary |
INTER.CCL | STR02-J. Specify an appropriate locale when comparing locale-dependent data |
INTER.COS | STR00-J. Don't form strings containing partial characters from variable-width encodings |
INTER.{CCL,CTLC} | STR02-J. Specify an appropriate locale when comparing locale-dependent data
OOP.AHSM | MET07-J. Never declare a class method that hides a method declared in a superclass or superinterface |
OOP.MFP | MET12-J. Do not use finalizers |
OOP.MUCOP | OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code |
OOP.MUCOP | OBJ05-J. Do not return references to private mutable class members |
OOP.MUCOP | OBJ06-J. Defensively copy mutable inputs and mutable internal components |
OOP.OPM | MET04-J. Do not increase the accessibility of overridden or hidden methods |
OPT.CCR | FIO04-J. Release resources when they are no longer needed |
OPT.CCR | FIO14-J. Perform proper cleanup at program termination |
OPT.CIO | FIO04-J. Release resources when they are no longer needed |
OPT.CIO | FIO14-J. Perform proper cleanup at program termination |
OPT.CRWD | FIO14-J. Perform proper cleanup at program termination |
PB-NUM-FPLI | NUM09-J. Do not use floating-point variables as loop counters |
PB-RE-NMCD | EXP01-J. Do not use a null in a case where an object is required
PB-RE-NCMD | EXP01-J. Do not use a null in a case where an object is required
PB.API.DPRAPI | MET02-J. Do not use deprecated or obsolete classes or methods |
PB.API.OF | MET12-J. Do not use finalizers |
PB.API.VAFS | IDS06-J. Exclude unsanitized user input from format strings |
PB.CUB.ARCF | ERR04-J. Do not complete abruptly from a finally block |
PB.CUB.ARCF | ERR05-J. Do not let checked exceptions escape from a finally block |
PB.CUB.ATSF | ERR04-J. Do not complete abruptly from a finally block |
PB.CUB.ATSF | ERR05-J. Do not let checked exceptions escape from a finally block |
PB.CUB.RMO | OBJ10-J. Do not use public static nonfinal fields |
PB.CUB.UEIC | EXP02-J. Do not use the Object.equals() method to compare two arrays |
PB.CUB.UEIC | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
PB.IKICO | MET11-J. Ensure that keys used in comparison operations are immutable |
PB.LOGIC.CRRV | FIO08-J. Distinguish between characters or bytes read from a stream and -1 |
PB.NUM.AIC | NUM13-J. Avoid loss of precision when converting primitive integers to floating-point |
PB.NUM.BBDCC | NUM10-J. Do not construct BigDecimal objects from floating-point literals |
PB.NUM.BSA | NUM00-J. Detect or prevent integer overflow |
PB.NUM.CACO | NUM00-J. Detect or prevent integer overflow |
PB.NUM.CLP | NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data |
PB.NUM.ICO | NUM00-J. Detect or prevent integer overflow |
PB.NUM.NAN | NUM07-J. Do not attempt comparisons with NaN |
PB.NUM.UBD | NUM04-J. Do not use floating-point numbers if precise computation is required |
PB.NUM.{ICO,BSA,CACO} | NUM00-J. Detect or prevent integer overflow
PB.TYPO.AECB | EXP00-J. Do not ignore values returned by methods
PB.TYPO.EB | MSC01-J. Do not use an empty infinite loop |
PB.USC.NASSIG | EXP00-J. Do not ignore values returned by methods |
PORT.ENV | ENV02-J. Do not trust the values of environment variables |
PORT.EXEC | IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method |
PORT.EXEC | FIO07-J. Do not let external processes block on IO buffers |
SECURITY.BV.ACL | SEC03-J. Do not load trusted classes after allowing untrusted code to load arbitrary classes |
SECURITY.EAB.CMP | OBJ09-J. Compare classes and not class names |
SECURITY.EAB.CPCL | OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code |
SECURITY.EAB.CPCL | OBJ05-J. Do not return references to private mutable class members |
SECURITY.EAB.CPCL | OBJ06-J. Defensively copy mutable inputs and mutable internal components |
SECURITY.EAB.JVM | ERR09-J. Do not allow untrusted code to terminate the JVM |
SECURITY.EAB.MPT | OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code |
SECURITY.EAB.MPT | OBJ05-J. Do not return references to private mutable class members |
SECURITY.EAB.MPT | OBJ06-J. Defensively copy mutable inputs and mutable internal components |
SECURITY.EAB.SMO | OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code |
SECURITY.EAB.SMO | OBJ05-J. Do not return references to private mutable class members |
SECURITY.EAB.SMO | OBJ06-J. Defensively copy mutable inputs and mutable internal components |
SECURITY.EAB.SPFF | OBJ10-J. Do not use public static nonfinal fields |
SECURITY.ESD.ACW | ERR01-J. Do not allow exceptions to expose sensitive information |
SECURITY.ESD.CONSEN | FIO13-J. Do not log sensitive information outside a trust boundary |
SECURITY.ESD.PEO | FIO13-J. Do not log sensitive information outside a trust boundary |
SECURITY.ESD.SIF | SER03-J. Do not serialize unencrypted sensitive data |
SECURITY.IBA.ATF | FIO03-J. Remove temporary files before termination |
SECURITY.IBA.CDBV | FIO16-J. Canonicalize path names before validating them
SECURITY.IBA.NATIW | JNI00-J. Define wrappers around native methods
SECURITY.IBA.VPPD | IDS17-J. Prevent XML External Entity Attacks
SECURITY.UEHL.LGE | ERR00-J. Do not suppress or ignore checked exceptions |
SECURITY.WSC.ACPST | ERR01-J. Do not allow exceptions to expose sensitive information |
SECURITY.WSC.AHCA | MSC03-J. Never hard code sensitive information |
SECURITY.WSC.CLONE | OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code |
SECURITY.WSC.CLONE | MET06-J. Do not invoke overridable methods in clone() |
SECURITY.WSC.HCCK | MSC03-J. Never hard code sensitive information |
SECURITY.WSC.HCCS | MSC03-J. Never hard code sensitive information |
SECURITY.WSC.MCNC | OBJ07-J. Sensitive classes must not let themselves be copied |
SECURITY.WSC.SCF | SEC04-J. Protect sensitive operations with security manager checks |
SECURITY.WSC.SCSER | SER04-J. Do not allow serialization and deserialization to bypass the security manager |
SECURITY.WSC.SRD | MSC02-J. Generate strong random numbers |
SECURITY.WSC.USC | MSC00-J. Use SSLSocket rather than Socket for secure data exchange |
SERIAL.DUID | SER00-J. Enable serialization compatibility during class evolution |
SERIAL.IRX | SER11-J. Prevent overwriting of externalizable objects |
SERIAL.ROWO | SER01-J. Do not deviate from the proper signatures of serialization methods |
SERIAL.RRSC | SER07-J. Do not use the default serialized form for classes with implementation-defined invariants |
SERVLET.CETS | ERR01-J. Do not allow exceptions to expose sensitive information |
TRS.ANF | THI02-J. Notify all waiting threads rather than a single thread |
TRS.AUTG | THI01-J. Do not invoke ThreadGroup methods |
TRS.CSTART | TSM02-J. Do not use background threads during class initialization |
TRS.CTRE | TSM01-J. Do not let the this reference escape during object construction |
TRS.DCL | LCK10-J. Use a correct form of the double-checked locking idiom |
TRS.IASF | LCK05-J. Synchronize access to static fields that can be modified by untrusted code |
TRS.ILI | MSC07-J. Prevent multiple instantiations of singleton objects |
TRS.IRUN | THI00-J. Do not invoke Thread.run() |
TRS.ISTART | TPS00-J. Use thread pools to enable graceful degradation of service during traffic bursts |
TRS.LORD | VNA00-J. Ensure visibility when accessing shared primitive variables |
TRS.LORD | LCK07-J. Avoid deadlock by requesting and releasing locks in the same order |
TRS.MRAV | VNA00-J. Ensure visibility when accessing shared primitive variables |
TRS.MRAV | VNA02-J. Ensure that compound operations on shared variables are atomic |
TRS.MRAV | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
TRS.OSNS | TSM00-J. Do not override thread-safe methods with methods that are not thread-safe |
TRS.RLF | LCK08-J. Ensure actively held locks are released on exceptional conditions |
TRS.SCS | LCK01-J. Do not synchronize on objects that may be reused |
TRS.SGC | LCK02-J. Do not synchronize on the class object returned by getClass() |
TRS.SOBC | LCK04-J. Do not synchronize on a collection view if the backing collection is accessible |
TRS.SOPF | LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code |
TRS.SSUG | VNA02-J. Ensure that compound operations on shared variables are atomic |
TRS.SSUG | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
TRS.THRD | MET02-J. Do not use deprecated or obsolete classes or methods |
TRS.THRD | THI05-J. Do not use Thread.stop() to terminate threads |
TRS.TSHL | LCK09-J. Do not perform operations that can block while holding a lock |
TRS.UWIL | THI03-J. Always invoke wait() and await() methods inside a loop |
UC.EF | MET12-J. Do not use finalizers |
UC.FCSF | MET12-J. Do not use finalizers |
UC.UCATCH | ERR00-J. Do not suppress or ignore checked exceptions |