SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 82

changes.mady.by.user Shannon Haas

Saved on

compared with

New Version 83

changes.mady.by.user Tracey Tamules

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

IDS06-J

high

probable

medium

P12

L1

Related

...

Guidelines

Examples of related vulnerabilities include:

...

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

...

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a0be86b2-f7ea-4b2a-a877-2ec470534563"><ac:plain-text-body><![CDATA[

[[MITRE 2009

AA. Bibliography#MITRE 09]]

[CWE ID 78

http://cwe.mitre.org/data/definitions/78.html]

...

"Improper

...

Neutralization

...

of

...

Special

...

Elements

...

used

...

in

...

an

...

OS

...

Command

...

('OS

...

Command

...

Injection')

...

"

]]></ac:plain-text-body></ac:structured-macro>

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4d988f76-f162-4a6f-86fc-b9b6686724bc"><ac:plain-text-body><![CDATA[

[[Chess 2007

AA. Bibliography#Chess 07]]

Chapter 5: Handling Input, "Command Injection"]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="cd4c1e25-c13f-40b2-94b2-62012b5e5fa6"><ac:plain-text-body><![CDATA[

[[OWASP 2005

AA. Bibliography#OWASP 05]]

[Reviewing Code for OS Injection

http://www.owasp.org/index.php/Reviewing_Code_for_OS_Injection

...

]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="5f25daf3-a843-45b1-99b3-6a989be2106f"><ac:plain-text-body><![CDATA[

[[Permissions

...

2008

...

AA.

...

Bibliography#Permissions

...

08]

...

]

...

[Permissions

...

in

...

the Java™ SE 6 Development Kit (JDK)

...

http://java.sun.com/javase/6/docs/technotes/guides/security/permissions.html],

...

Sun

...

Microsystems,

...

Inc.

...

(2008)

]]></ac:plain-text-body></ac:structured-macro>

...

IDS05-J. Do not log unsanitized user input            IDS13-J. Do not assume every character in a string is the same size