Checker | Guideline |
---|
GUI Effect Checker | CON52-J. Document thread-safety and use annotations where applicable |
Initialization Checker | EXP01-J. Do not use a null in a case where an object is required |
Interning Checker | EXP50-J. Do not confuse abstract object equality with reference equality |
Interning Checker | MET56-J. Do not use Object.equals() to compare cryptographic keys |
Lock Checker | LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code |
Lock Checker | LCK01-J. Do not synchronize on objects that may be reused |
Map Key Checker | EXP01-J. Do not use a null in a case where an object is required |
Nullness Checker | EXP01-J. Do not use a null in a case where an object is required |
Signature String Checker | OBJ09-J. Compare classes and not class names |
Tainting Checker | IDS00-J. Prevent SQL injection |
Tainting Checker | IDS01-J. Normalize strings before validating them |
Tainting Checker | IDS03-J. Do not log unsanitized user input |
Tainting Checker | IDS04-J. Safely extract files from ZipInputStream |
Tainting Checker | IDS06-J. Exclude unsanitized user input from format strings |
Tainting Checker | IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method |
Tainting Checker | IDS11-J. Perform any string modifications before validation |
Tainting Checker | IDS16-J. Prevent XML Injection |
Tainting Checker | IDS17-J. Prevent XML External Entity Attacks |
Tainting Checker | STR01-J. Do not assume that a Java char fully represents a Unicode code point |
Tainting Checker | STR02-J. Specify an appropriate locale when comparing locale-dependent data |
Tainting Checker | STR04-J. Use compatible character encodings when communicating string data between JVMs |
Tainting Checker | FIO16-J. Canonicalize path names before validating them |
Tainting Checker | IDS50-J. Use conservative file naming conventions |
Tainting Checker | IDS51-J. Properly encode or escape output |
Tainting Checker | IDS52-J. Prevent code injection |
Tainting Checker | IDS53-J. Prevent XPath Injection |
Tainting Checker | IDS54-J. Prevent LDAP injection |
Tainting Checker | IDS55-J. Understand how escape characters are interpreted when strings are loaded |
Tainting Checker | IDS56-J. Prevent arbitrary file upload |