SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 7

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 8

changes.mady.by.user Will Snavely

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info
titleGenerated Content

This page is automatically generated from the "Automated Detection" sections in the individual guidelines. Do not modify this page directly.

...

was automatically generated and should not be edited.

The information on this page was provided by outside contributors and has not been verified by SEI CERT.

Include Page
java:

...

Parasoft_V
java:Parasoft_V

Checker

Guideline

BD-SECURITY-TDLOGIDS03-J. Do not log unsanitized user input
BD-SECURITY-TDSQLIDS00-J. Prevent SQL injection
BD.CO.ITMODDCL02-J. Do not modify the collection's elements during an enhanced for statement
BD.CO.ITMODMSC06-J. Do not modify the underlying collection when an iteration is in progress
BD.EXCEPT.NPEXP01-J. Do not use a null in a case where an object is required
BD.PB.ZERONUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors
BD.RES.LEAKSFIO04-J. Release resources when they are no longer needed
BD.RES.LEAKSMSC04-J. Do not leak memory
BD.SECURITY.SENSFIO13-J. Do not log sensitive information outside a trust boundary
BD.SECURITY.TDRFLSEC02-J. Do not base security checks on untrusted sources
BD.SECURITY.TDXMLIDS16-J. Prevent XML Injection
BD.TRS.LOCKLCK08-J. Ensure actively held locks are released on exceptional conditions
BD.TRS.TSHLLCK09-J. Do not perform operations that can block while holding a lock
CODSTA.BP.ARMSEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields
CODSTA.BP.EXITERR09-J. Do not allow untrusted code to terminate the JVM
CODSTA.EPC.AGBPTOBJ03-J. Prevent heap pollution
CODSTA.OIM.OVERRIDEMET09-J. Classes that define an equals() method must also define a hashCode() method
CODSTD.BP.NTXERR07-J. Do not throw RuntimeException, Exception, or Throwable
EJB.MNDFMET12-J. Do not use finalizers
EXCEPT.ENFCOBJ11-J. Be wary of letting constructors throw exceptions
EXCEPT.NCNPEERR08-J. Do not catch NullPointerException or any of its ancestors
EXCEPT.NTERRERR07-J. Do not throw RuntimeException, Exception, or Throwable
GC.FCFMET12-J. Do not use finalizers
GC.FMMET12-J. Do not use finalizers
GC.IFFMET12-J. Do not use finalizers
GC.NCFMET12-J. Do not use finalizers
GLOBAL.ACDDCL00-J. Prevent class initialization cycles
HIBERNATE.LHIIFIO13-J. Do not log sensitive information outside a trust boundary
INTER.COSSTR00-J. Don't form strings containing partial characters from variable-width encodings
INTER.{CCL,CTLC}STR02-J. Specify an appropriate locale when comparing locale-dependent data
OOP.AHSMMET07-J. Never declare a class method that hides a method declared in a superclass or superinterface
OOP.MUCOPOBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
OOP.MUCOPOBJ05-J. Do not return references to private mutable class members
OOP.MUCOPOBJ06-J. Defensively copy mutable inputs and mutable internal components
OOP.OPMMET04-J. Do not increase the accessibility of overridden or hidden methods
OPT.CCRFIO04-J. Release resources when they are no longer needed
OPT.CCRFIO14-J. Perform proper cleanup at program termination
OPT.CIOFIO04-J. Release resources when they are no longer needed
OPT.CIOFIO14-J. Perform proper cleanup at program termination
OPT.CRWDFIO14-J. Perform proper cleanup at program termination
PB-NUM-FPLINUM09-J. Do not use floating-point variables as loop counters
PB-RE-NMCDEXP01-J. Do not use a null in a case where an object is required
PB.API.DPRAPIMET02-J. Do not use deprecated or obsolete classes or methods
PB.API.OFMET12-J. Do not use finalizers
PB.API.VAFSIDS06-J. Exclude unsanitized user input from format strings
PB.CUB.ARCFERR04-J. Do not complete abruptly from a finally block
PB.CUB.ARCFERR05-J. Do not let checked exceptions escape from a finally block
PB.CUB.ATSFERR04-J. Do not complete abruptly from a finally block
PB.CUB.ATSFERR05-J. Do not let checked exceptions escape from a finally block
PB.CUB.UEICEXP02-J. Do not use the Object.equals() method to compare two arrays
PB.CUB.UEICEXP03-J. Do not use the equality operators when comparing values of boxed primitives
PB.LOGIC.CRRVFIO08-J. Distinguish between characters or bytes read from a stream and -1
PB.NUM.AICNUM13-J. Avoid loss of precision when converting primitive integers to floating-point
PB.NUM.BBDCCNUM10-J. Do not construct BigDecimal objects from floating-point literals
PB.NUM.CLPNUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
PB.NUM.NANNUM07-J. Do not attempt comparisons with NaN
PB.NUM.UBDNUM04-J. Do not use floating-point numbers if precise computation is required
PB.NUM.{ICO,BSA,CACO}NUM00-J. Detect or prevent integer overflow
PB.TYPO.EBMSC01-J. Do not use an empty infinite loop
PB.USC.NASSIGEXP00-J. Do not ignore values returned by methods
PORT.ENVENV02-J. Do not trust the values of environment variables
PORT.EXECIDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
PORT.EXECFIO07-J. Do not let external processes block on IO buffers
SECURITY.EAB.CMPOBJ09-J. Compare classes and not class names
SECURITY.EAB.CPCLOBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY.EAB.CPCLOBJ05-J. Do not return references to private mutable class members
SECURITY.EAB.CPCLOBJ06-J. Defensively copy mutable inputs and mutable internal components
SECURITY.EAB.JVMERR09-J. Do not allow untrusted code to terminate the JVM
SECURITY.EAB.MPTOBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY.EAB.MPTOBJ05-J. Do not return references to private mutable class members
SECURITY.EAB.MPTOBJ06-J. Defensively copy mutable inputs and mutable internal components
SECURITY.EAB.SMOOBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY.EAB.SMOOBJ05-J. Do not return references to private mutable class members
SECURITY.EAB.SMOOBJ06-J. Defensively copy mutable inputs and mutable internal components
SECURITY.EAB.SPFFOBJ10-J. Do not use public static nonfinal fields
SECURITY.ESD.ACWERR01-J. Do not allow exceptions to expose sensitive information
SECURITY.ESD.CONSENFIO13-J. Do not log sensitive information outside a trust boundary
SECURITY.ESD.PEOFIO13-J. Do not log sensitive information outside a trust boundary
SECURITY.ESD.SIFSER03-J. Do not serialize unencrypted sensitive data
SECURITY.IBA.ATFFIO03-J. Remove temporary files before termination
SECURITY.IBA.NATIWJNI00-J. Define wrappers around native methods
SECURITY.IBA.VPPDIDS17-J. Prevent XML External Entity Attacks
SECURITY.UEHL.LGEERR00-J. Do not suppress or ignore checked exceptions
SECURITY.WSC.ACPSTERR01-J. Do not allow exceptions to expose sensitive information
SECURITY.WSC.AHCAMSC03-J. Never hard code sensitive information
SECURITY.WSC.CLONEOBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY.WSC.HCCKMSC03-J. Never hard code sensitive information
SECURITY.WSC.HCCSMSC03-J. Never hard code sensitive information
SECURITY.WSC.MCNCOBJ07-J. Sensitive classes must not let themselves be copied
SECURITY.WSC.SCFSEC04-J. Protect sensitive operations with security manager checks
SECURITY.WSC.SCSERSER04-J. Do not allow serialization and deserialization to bypass the security manager
SECURITY.WSC.SRDMSC02-J. Generate strong random numbers
SECURITY.WSC.USCMSC00-J. Use SSLSocket rather than Socket for secure data exchange
SERIAL.IRXSER11-J. Prevent overwriting of externalizable objects
SERIAL.ROWOSER01-J. Do not deviate from the proper signatures of serialization methods
SERIAL.RRSCSER07-J. Do not use the default serialized form for classes with implementation-defined invariants
SERVLET.CETSERR01-J. Do not allow exceptions to expose sensitive information
TRS.ANFTHI02-J. Notify all waiting threads rather than a single thread
TRS.AUTGTHI01-J. Do not invoke ThreadGroup methods
TRS.CSTARTTSM02-J. Do not use background threads during class initialization
TRS.CTRETSM01-J. Do not let the this reference escape during object construction
TRS.DCLLCK10-J. Use a correct form of the double-checked locking idiom
TRS.IASFLCK05-J. Synchronize access to static fields that can be modified by untrusted code
TRS.IRUNTHI00-J. Do not invoke Thread.run()
TRS.LORDVNA00-J. Ensure visibility when accessing shared primitive variables
TRS.LORDLCK07-J. Avoid deadlock by requesting and releasing locks in the same order
TRS.MRAVVNA00-J. Ensure visibility when accessing shared primitive variables
TRS.MRAVVNA02-J. Ensure that compound operations on shared variables are atomic
TRS.MRAVVNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
TRS.RLFLCK08-J. Ensure actively held locks are released on exceptional conditions
TRS.SCSLCK01-J. Do not synchronize on objects that may be reused
TRS.SOPFLCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code
TRS.SSUGVNA02-J. Ensure that compound operations on shared variables are atomic
TRS.SSUGVNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
TRS.THRDMET02-J. Do not use deprecated or obsolete classes or methods
TRS.THRDTHI05-J. Do not use Thread.stop() to terminate threads
TRS.TSHLLCK09-J. Do not perform operations that can block while holding a lock
TRS.UWILTHI03-J. Always invoke wait() and await() methods inside a loop
UC.EFMET12-J. Do not use finalizers
UC.FCSFMET12-J. Do not use finalizers
UC.UCATCHERR00-J. Do not suppress or ignore checked exceptions