...

import java.util.Calendar;
import java.util.GregorianCalendar;

class Format {
  static Calendar c = new GregorianCalendar(1995, Calendar.MAY, 23);
  public static void main(String[] args) {
    // args[0] is the credit card expiration date
    // perform comparison with c, if it doesn't match print the following line
    // The format string is a constant, so user input cannot add format specifiers
    System.out.printf("The input did not match! HINT: It was issued on %1$terd of some month", c);
  }
}

Risk Assessment

Allowing user input to taint the format string may cause information leakage or denial of service.
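Both outcomes can be seen side by side in the following added example, which is not part of the original page. The class name `FormatTaintDemo`, the methods `unsafeMessage` and `safeMessage`, and the three sample inputs are constructed for illustration; the date `c` is the one used in the code above.

```java
import java.util.Calendar;
import java.util.GregorianCalendar;
import java.util.IllegalFormatException;

public class FormatTaintDemo {
  // Same internal date as in the page's Format class.
  static final Calendar c = new GregorianCalendar(1995, Calendar.MAY, 23);

  // Unsafe: the untrusted value is concatenated into the format string,
  // so any specifier it contains is interpreted against the argument c.
  static String unsafeMessage(String input) {
    return String.format(
        input + " did not match! HINT: It was issued on %1$terd of some month", c);
  }

  // Safe: the format string is a constant and the untrusted value is
  // passed only as an argument, rendered literally by %1$s.
  static String safeMessage(String input) {
    return String.format(
        "%1$s did not match! HINT: It was issued on %2$terd of some month", input, c);
  }

  public static void main(String[] args) {
    // Constructed inputs: an ordinary value, specifiers that read fields of c,
    // and a specifier that refers to an argument that does not exist.
    String[] inputs = { "05/2027", "%1$tm/%1$tY", "%2$s" };
    for (String in : inputs) {
      System.out.println("input:  " + in);
      try {
        System.out.println("unsafe: " + unsafeMessage(in));
      } catch (IllegalFormatException e) {
        // An uncaught exception here would terminate the program.
        System.out.println("unsafe: threw " + e.getClass().getSimpleName());
      }
      System.out.println("safe:   " + safeMessage(in));
    }
  }
}
```

In the unsafe variant the second input discloses the month and year the hint was meant to withhold, and the third raises an unchecked exception; the safe variant echoes every input verbatim.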

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO35-J | ?? medium ?? | probable | ?? high | P?? | L?? |

Automated Detection

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[API 06] Class Formatter, Java Documentation, http://java.sun.com/javase/6/docs/api/java/util/Formatter.html

[Seacord 05] Seacord, Secure Coding in C and C++, Chapter 6, Formatted Output