Comment: removed second reference to IDS01-J

...

This compliant solution validates the username input against a whitelist of permitted characters before logging it, which prevents log injection attacks. Refer to IDS00-J. Sanitize untrusted data passed across a trust boundary for more details on input sanitization.

```java
if (!Pattern.matches("[A-Za-z0-9_]+", username)) {
  // Unsanitized username: do not echo it into the log
  logger.severe("User login failed for unauthorized user");
} else if (loginSuccessful) {
  logger.severe("User login succeeded for: " + username);
} else {
  logger.severe("User login failed for: " + username);
}
```
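The following is an added, self-contained example (not part of the CERT rule text) that wraps the compliant check in a reusable method and exercises it with constructed inputs, including one carrying an embedded line break, the case that would otherwise let an attacker forge a second log record. The class name `LoginLogger` and the method `logLogin` are assumptions for illustration.

```java
import java.util.logging.Logger;
import java.util.regex.Pattern;

public final class LoginLogger {
  private static final Logger logger = Logger.getLogger(LoginLogger.class.getName());

  // Whitelist of permitted username characters, precompiled once.
  // Anything else (spaces, punctuation, CR/LF, control characters) fails validation.
  private static final Pattern USERNAME = Pattern.compile("[A-Za-z0-9_]+");

  // Returns true only if the username passed validation and was logged verbatim.
  public static boolean logLogin(String username, boolean loginSuccessful) {
    if (username == null || !USERNAME.matcher(username).matches()) {
      // Unsanitized username: log a fixed message, never the untrusted value
      logger.severe("User login failed for unauthorized user");
      return false;
    }
    if (loginSuccessful) {
      logger.severe("User login succeeded for: " + username);
    } else {
      logger.severe("User login failed for: " + username);
    }
    return true;
  }

  public static void main(String[] args) {
    // Constructed sample inputs
    logLogin("alice_01", true);                       // valid: logged verbatim
    logLogin("guest\nSEVERE: forged record", false);  // embedded LF: rejected
    logLogin("bob smith", false);                     // space: rejected
    logLogin(null, false);                            // null: rejected
  }
}
```

Note that `matcher(...).matches()` requires the whole string to match; using `find()` instead would accept a username that merely contains one valid character.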

...