This page was automatically generated and should not be edited.

The information on this page was provided by outside contributors and has not been verified by SEI CERT.

| Checker | Guideline |
|---|---|
| GUI Effect Checker | CON52-J. Document thread-safety and use annotations where applicable |
| Initialization Checker | EXP01-J. Do not use a null in a case where an object is required |
| Interning Checker | EXP50-J. Do not confuse abstract object equality with reference equality |
| Interning Checker | MET56-J. Do not use Object.equals() to compare cryptographic keys |
| Lock Checker | LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code |
| Lock Checker | LCK01-J. Do not synchronize on objects that may be reused |
| Map Key Checker | EXP01-J. Do not use a null in a case where an object is required |
| Nullness Checker | EXP01-J. Do not use a null in a case where an object is required |
| Signature String Checker | OBJ09-J. Compare classes and not class names |
| Tainting Checker | IDS00-J. Prevent SQL injection |
| Tainting Checker | IDS01-J. Normalize strings before validating them |
| Tainting Checker | IDS03-J. Do not log unsanitized user input |
| Tainting Checker | IDS04-J. Safely extract files from ZipInputStream |
| Tainting Checker | IDS06-J. Exclude unsanitized user input from format strings |
| Tainting Checker | IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method |
| Tainting Checker | IDS11-J. Perform any string modifications before validation |
| Tainting Checker | IDS16-J. Prevent XML Injection |
| Tainting Checker | IDS17-J. Prevent XML External Entity Attacks |
| Tainting Checker | STR01-J. Do not assume that a Java char fully represents a Unicode code point |
| Tainting Checker | STR02-J. Specify an appropriate locale when comparing locale-dependent data |
| Tainting Checker | STR04-J. Use compatible character encodings when communicating string data between JVMs |
| Tainting Checker | FIO16-J. Canonicalize path names before validating them |
| Tainting Checker | IDS50-J. Use conservative file naming conventions |
| Tainting Checker | IDS51-J. Properly encode or escape output |
| Tainting Checker | IDS52-J. Prevent code injection |
| Tainting Checker | IDS53-J. Prevent XPath Injection |
| Tainting Checker | IDS54-J. Prevent LDAP injection |
| Tainting Checker | IDS55-J. Understand how escape characters are interpreted when strings are loaded |
| Tainting Checker | IDS56-J. Prevent arbitrary file upload |