...
CWE-502, "Deserialization of Untrusted Data" | |
Secure Coding Guidelines for the Java Programming Language, Version 3.0 | Guideline 5-3. View deserialization the same as object construction |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1f9a63fe770eef79-fa042d11-44764bc8-9e0ea0ab-4f3a5f18b0c6e9eb43127d0c"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | Class | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="948a21e569eff0c8-f66547b2-43414932-bb4da2fd-c14ed5dfbce0e8ebdd871a97"><ac:plain-text-body><![CDATA[ | [[Bloch 2008 | AA. Bibliography#Bloch 08]] | Item 75, Consider using a custom serialized form | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1a98a2ba481f0f66-654d1932-475c4e3c-be0fb1d2-aee0be0da96b240c3dacf99c"><ac:plain-text-body><![CDATA[ | [[Greanier 2000 | AA. Bibliography#Greanier 00]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e24e66c84527174b-4a64c0e8-40014982-a1dbb93e-dece81746dcd3d60dcfde688"><ac:plain-text-body><![CDATA[ | [[Harold 1999 | AA. Bibliography#Harold 99]] | Chapter 11, Object Serialization, Validation | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b41248f39a45775c-a164efe1-4f8b4355-a835918f-f292ac67ea3388b99746768f"><ac:plain-text-body><![CDATA[ | [[Hawtin 2008 | AA. Bibliography#Hawtin 08]] | Antipattern 8. Believing deserialisation is unrelated to construction | ]]></ac:plain-text-body></ac:structured-macro> |
...