SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 57

changes.mady.by.user Brendan Saulsbury

Saved on

compared with

New Version 58

changes.mady.by.user Tracey Tamules

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Wiki Markup
Automated detection is not feasible in the fully general case. However, an approach similar to Design Fragments \[[Fairbanks 07|AA. Bibliography#Fairbanks 07]\] could assist both programmers and static analysis tools.

Related

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="26e884d156a6e826-2e7ced16-4bff4ba2-8889abb2-e278ad5f1a9d54b8d68ed73b"><ac:plain-text-body><![CDATA[

[ISO/IEC TR 24772:2010

http://www.aitcnet.org/isai/]

"Improperly Verified Signature [XZR]"

]]></ac:plain-text-body></ac:structured-macro>

MITRE CWE

CWE ID 300, "Channel Accessible by Non-Endpoint (aka 'Man-in-the-Middle')"

 

CWE ID 319, "Cleartext Transmission of Sensitive Information"

 

CWE ID 494, "Download of Code Without Integrity Check"

 

CWE ID 347, "Improper Verification of Cryptographic Signature"

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f0520aaf97f82cec-a2b6cf28-43f3415f-b68b8dde-e7145509a340833d78faea68"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="2ce98ae1899ccd1b-1664298e-4d3349ef-a46d8644-be290de4ce1cb08e14455824"><ac:plain-text-body><![CDATA[

[[Bea 2008

AA. Bibliography#Bea 08]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="26f52bf1430e6ae8-fc2431c2-44344090-aabb8355-716e9f9c3539e7ccfb03a315"><ac:plain-text-body><![CDATA[

[[Eclipse 2008

AA. Bibliography#Eclipse 08]]

[JAR Signing

http://wiki.eclipse.org/JAR_Signing] and [Signed bundles and protecting against malicious code

http://help.eclipse.org/stable/index.jsp?topic=/org.eclipse.platform.doc.isv/guide]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="fd352e460f865401-125626d5-4d7a4716-9230afb0-b43cfe9128753588e453fe91"><ac:plain-text-body><![CDATA[

[[Fairbanks 07

AA. Bibliography#Fairbanks 07]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f5647137578006b0-dc68a3cc-48434bf3-bd58bfae-3eec48d7e65753d4aa6c3513"><ac:plain-text-body><![CDATA[

[[Flanagan 2005

AA. Bibliography#Flanagan 05]]

Chapter 24. The java.util.jar Package

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="037cd13a89f88773-3bd46d29-446c-8eb28c03-9f5650f597a9db73c142dfb6"><ac:plain-text-body><![CDATA[

[[Gong 2003

AA. Bibliography#Gong 03]]

12.8.3 jarsigner

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="7407f284e0b91522-6ab7474d-46bb44c3-b05d800f-df307de3d3bb7fa9ab904336"><ac:plain-text-body><![CDATA[

[[Halloway 2001

AA. Bibliography#Halloway 01]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d8fa6facfd134d7c-479542ba-456644f6-bd9dbeb9-b28fda1101adc68fce88965e"><ac:plain-text-body><![CDATA[

[[JarSpec 2008

AA. Bibliography#JarSpec 08]]

Signature Validation

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="26efa88809d621d7-04a41208-4fd847db-aaf9bc64-b1f909bb355669fd3864a6a9"><ac:plain-text-body><![CDATA[

[[Oaks 2001

AA. Bibliography#Oaks 01]]

Chapter 12: Digital Signatures, Signed Classes

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="9a8e6cd4f94d650f-4bc346ba-4dc246fe-9eb09af4-db5869386cdac4528fa8cb1f"><ac:plain-text-body><![CDATA[

[[Muchow 2001

AA. Bibliography#Muchow 01]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e8acc63d27da1294-820cc5cb-472b4958-b03aa9bf-0eb8483f69b728bd79d049ad"><ac:plain-text-body><![CDATA[

[[Tutorials 2008

AA. Bibliography#Tutorials 08]]

[The JarRunner Class

http://java.sun.com/docs/books/tutorial/deployment/jar/jarrunner.html], [Lesson: API and Tools Use for Secure Code and File Exchanges

http://java.sun.com/docs/books/tutorial/security/sigcert/index.html] and [Verifying Signed JAR Files

http://java.sun.com/docs/books/tutorial/deployment/jar/verify.html]

]]></ac:plain-text-body></ac:structured-macro>

...