SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 56

changes.mady.by.user Tracey Tamules

Saved on

compared with

New Version 57

changes.mady.by.user Tracey Tamules

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

One potential drawback of this approach is that effective sanitization methods can be difficult to write. A benefit of this approach is that it works well in combination with taint analysis (see Automated Detection, below). For more information on how to securely validate and sanitize a file, see FIO04 FIO00-J. Do not operate on files in shared directories.

Compliant Solution (Built-in File Name and Path)

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="13636a35e9be3195-9b6873d1-444f479f-b8ee839b-4955a30123ef9bab2e74e653"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

[method doPrivileged()

http://java.sun.com/javase/6/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction)]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ad115270a8f9282c-7f91ed7d-4ec2472a-9f33961d-a593f51d2b5341df755a293a"><ac:plain-text-body><![CDATA[

[[Gong 2003

AA. Bibliography#Gong 03]]

Sections 6.4, "AccessController"

]]></ac:plain-text-body></ac:structured-macro>

 

9.5 "Privileged Code"

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="737e02adb51e86d6-be4c7be4-49ea4596-9694ad90-89dba21fc550e4c40a04baa8"><ac:plain-text-body><![CDATA[

[[Jovanovic 2006

AA. Bibliography#Jovanovic 06]]

"Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities"

]]></ac:plain-text-body></ac:structured-macro>

...