SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 73

changes.mady.by.user Shannon Haas

Saved on

compared with

New Version 74

changes.mady.by.user Shannon Haas

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#ccccff
class Format {
  static Calendar c = 
    new GregorianCalendar(1995, GregorianCalendar.MAY, 23);
  public static void main(String[] args) {  
    // args[0] is the credit card expiration date
    // Perform comparison with c, 
    // if it doesn't match print the following line
    System.out.printf("The%s input did not match! "
        + " HINT: It was issued on %1$terd of some month", args[0],c);
  }
}

...

CERT C Secure Coding Standard

FIO30-C. Exclude user input from format strings

CERT C++ Secure Coding Standard

FIO30-CPP. Exclude user input from format strings

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="fa1704b9257c37a6-3a004f1d-4aaa466e-bdcf9dd9-7043acd8b03efdbf7d047e19"><ac:plain-text-body><![CDATA[

[ISO/IEC TR 24772:2010

http://www.aitcnet.org/isai/]

Injection [RST]

]]></ac:plain-text-body></ac:structured-macro>

MITRE CWE

CWE-134. Uncontrolled format string

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="3692b94949692a47-d7285873-48444068-abe89bb7-be937f7e143d642f69e32e61"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

[Class Formatter

http://java.sun.com/javase/6/docs/api/java/util/Formatter.html]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d2b66d09e3f58b46-064cbfed-4c8a4398-815b9e2e-64469ce34366a17922c77c69"><ac:plain-text-body><![CDATA[

[[Seacord 2005

AA. Bibliography#Seacord 05]]

Chapter 6, Formatted Output

]]></ac:plain-text-body></ac:structured-macro>

...