Guideline | Severity | Likelihood | Remediation Cost | Priority | Level
SEC18-J   | medium   | probable   | high             | P4       | L3

Automated Detection

Automated detection is not feasible in the fully general case. However, an approach similar to Design Fragments [Fairbanks 07] could assist both programmers and static analysis tools.
TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Bibliography

[Fairbanks 2007]
[JNI 2006]
[Liang 1997]
[Macgregor 1998] Section 2.2.3, Interfaces and Architectures
[MITRE 2009] CWE ID 111 (http://cwe.mitre.org/data/definitions/111.html), "Direct Use of Unsafe JNI"
[SCG 2007] Guideline 3-3 Define wrappers around native methods
