...

Failure to sign and then seal objects during transit can lead to loss of object integrity or confidentiality.
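The sentence above describes the failure mode; the following Java class is an added example (not CERT's own compliant solution and not from the cited books) of the sign-then-seal ordering the rule calls for, using the JDK's java.security.SignedObject and javax.crypto.SealedObject. The algorithm names (SHA256withRSA, AES/GCM/NoPadding), the key sizes and the in-memory key generation are assumptions made for the demonstration; the class name SignThenSealExample and the method names are hypothetical.

```java
import java.io.Serializable;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignedObject;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;

public final class SignThenSealExample {

    // Assumed algorithm choices for this example; the rule itself does not prescribe them.
    private static final String SIG_ALG = "SHA256withRSA";
    private static final String CIPHER_ALG = "AES/GCM/NoPadding";

    /** Sender side: sign the object first, then seal (encrypt) the signed wrapper. */
    public static SealedObject signThenSeal(Serializable obj, PrivateKey signingKey,
                                            SecretKey sealingKey) throws Exception {
        SignedObject signed = new SignedObject(obj, signingKey, Signature.getInstance(SIG_ALG));
        // A fresh Cipher for every seal: in GCM mode init() draws a new random IV, and
        // SealedObject stores those parameters next to the ciphertext for the receiver.
        Cipher cipher = Cipher.getInstance(CIPHER_ALG);
        cipher.init(Cipher.ENCRYPT_MODE, sealingKey);
        return new SealedObject(signed, cipher);
    }

    /** Receiver side: unseal, verify the signature, and only then deserialize the payload. */
    public static Object unsealAndVerify(SealedObject sealed, SecretKey sealingKey,
                                         PublicKey verifyKey) throws Exception {
        // getObject(Key) rebuilds the cipher from the parameters stored in the SealedObject.
        // Note that this step already deserializes the SignedObject wrapper itself (a
        // SignedObject holds the payload only as bytes, so the payload is not touched yet).
        Object inner = sealed.getObject(sealingKey);
        if (!(inner instanceof SignedObject)) {
            throw new SecurityException("Unsealed payload is not a SignedObject");
        }
        SignedObject signed = (SignedObject) inner;
        // verify() checks the signature over the serialized bytes without deserializing them.
        if (!signed.verify(verifyKey, Signature.getInstance(SIG_ALG))) {
            throw new SecurityException("Signature verification failed; object rejected");
        }
        // Deserialize the payload only after the signature has been verified.
        return signed.getObject();
    }

    public static void main(String[] args) throws Exception {
        // Constructed keys for the demonstration; real deployments load them from a key store.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair senderKeys = kpg.generateKeyPair();
        KeyPair unrelatedKeys = kpg.generateKeyPair();   // stands in for an impostor's key
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey sharedKey = kg.generateKey();

        String message = "constructed sample payload";   // any Serializable works
        SealedObject wire = signThenSeal(message, senderKeys.getPrivate(), sharedKey);

        // Happy path: correct sealing key and the genuine sender's public key.
        Object received = unsealAndVerify(wire, sharedKey, senderKeys.getPublic());
        System.out.println("verified payload: " + received);

        // Integrity check in action: verifying against the wrong public key is rejected
        // before the payload is ever deserialized.
        try {
            unsealAndVerify(wire, sharedKey, unrelatedKeys.getPublic());
        } catch (SecurityException e) {
            System.out.println("rejected as expected: " + e.getMessage());
        }
    }
}
```

Signing before sealing means the signature is computed over the plaintext serialization and travels inside the ciphertext, so an observer on the wire learns neither the content nor the signer. The receiver still relies on Java serialization to reconstitute the SignedObject wrapper when unsealing, so the usual deserialization controls (for example an ObjectInputFilter on the JDKs that provide one) remain relevant at the trust boundary.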

Rule      Severity  Likelihood  Remediation Cost  Priority  Level
SER02-J   Medium    Probable    High              P4        L3

Automated Detection

This rule is not amenable to static analysis in the general case.

Tool       Version         Checker                       Description
CodeSonar  (not rendered)  JAVA.IO.INJ.ANDROID.MESSAGE   Android Message Injection (Java)
                           JAVA.IO.TAINT.MESSAGE         Tainted Message (Java)

Related Guidelines

MITRE CWE  CWE-319, Cleartext Transmission of Sensitive Information

Bibliography

[API 2014]
[Gong 2003]    Section 9.10, "Sealing Objects"
[Harold 1999]  Chapter 11, "Object Serialization"
[Neward 2004]  Item 64, "Use SignedObject to Provide Integrity of Serialized Objects"
               Item 65, "Use SealedObject to Provide Confidentiality of Serializable Objects"
[Steel 2005]   Chapter 10, "Securing the Business Tier"

...