...

Static analysis tools that perform taint analysis can diagnose some violations of this rule.

Other Languages

This rule appears in the C Secure Coding Standard as FIO30-C. Exclude user input from format strings.

This rule appears in the C++ Secure Coding Standard as FIO30-CPP. Exclude user input from format strings.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

[MITRE 2009] CWE-134, "Uncontrolled Format String" (http://cwe.mitre.org/data/definitions/134.html)

[C Secure Coding Standard] FIO30-C. Exclude user input from format strings

[C++ Secure Coding Standard] FIO30-CPP. Exclude user input from format strings

Bibliography

[API 2006] Class Formatter (http://java.sun.com/javase/6/docs/api/java/util/Formatter.html)

[Seacord 2005] Chapter 6, Formatted Output

...