SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 33

changes.mady.by.user Robert Seacord (Manager)

Saved on

compared with

New Version 34

changes.mady.by.user Robert Seacord (Manager)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: interim save

...

Wiki Markup
The open {{FileInputStream f\[java:0\]}} must not allow {{f\[java:0\]}} to escape out of {{changePassword()}} (see [java:SEC00-J. Do not allow doPrivileged()privileged blocks to leak sensitive information outside a trust boundary]).

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="420c019fb23ca419-6c9f394a-489a4afd-8de0a69c-41f7660440348d7676c8f1fd"><ac:plain-text-body><![CDATA[

[ISO/IEC TR 24772:2010

http://www.aitcnet.org/isai/]

"Privilege Sandbox Issues [java:XYO]"

]]></ac:plain-text-body></ac:structured-macro>

MITRE CWE

CWE ID 272, "Least Privilege Violation"

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ecc9cf16336460f5-df5b6940-42ce4035-8d4482a2-fb979971887acc17ec7eb3a2"><ac:plain-text-body><![CDATA[

[java:[API 2006

AA. Bibliography#API 06]]

Class java.security.AccessController

]]></ac:plain-text-body></ac:structured-macro>

...