Comment: Migrated to Confluence 4.0

...

CERT C Secure Coding Standard

FIO30-C. Exclude user input from format strings

CERT C++ Secure Coding Standard

FIO30-CPP. Exclude user input from format strings

ISO/IEC TR 24772:2010 (http://www.aitcnet.org/isai/)

Injection [RST]

MITRE CWE

CWE-134. Uncontrolled format string

Bibliography

[API 2006]

Class Formatter (http://java.sun.com/javase/6/docs/api/java/util/Formatter.html)

[Seacord 2005]

Chapter 6, Formatted Output

...

IDS05-J. Use a subset of ASCII for file and path names            IDS07-J. Do not pass untrusted, unsanitized data to the Runtime.exec() method