Checker Guideline

ATOMICITY VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
BAD_EQ EXP02-J. Do not use the Object.equals() method to compare two arrays
BAD_EQ EXP03-J. Do not use the equality operators when comparing values of boxed primitives
BAD_EQ FIO16-J. Canonicalize path names before validating them
BAD_SHIFT NUM00-J. Detect or prevent integer overflow
CALL_SUPER MET12-J. Do not use finalizers
CHECKED_RETURN EXP00-J. Do not ignore values returned by methods
CHECKED_RETURN FIO09-J. Do not rely on the write() method to output integers outside the range 0 to 255
CONFIG MSC03-J. Never hard code sensitive information
DC.CODING_STYLE ERR09-J. Do not allow untrusted code to terminate the JVM
DC.THREADING MET12-J. Do not use finalizers
DC.THREADING.thread_run THI00-J. Do not invoke Thread.run()
DIVIDE_BY_ZERO NUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors
DOUBLE_CHECK_LOCK LCK10-J. Use a correct form of the double-checked locking idiom
FB.BC_NULL_INSTANCEOF EXP01-J. Do not use a null in a case where an object is required
FB.DC_DOUBLECHECK LCK10-J. Use a correct form of the double-checked locking idiom
FB.DM_EXIT ERR09-J. Do not allow untrusted code to terminate the JVM
FB.DMI_CONSTANT_DB_PASSWORD MSC03-J. Never hard code sensitive information
FB.DMI_EMPTY_DB_PASSWORD MSC03-J. Never hard code sensitive information
FB.EI_EXPOSE_REP OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
FB.EI_EXPOSE_REP2 OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
FB.EQ_ABSTRACT_SELF EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_ABSTRACT_SELF EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_ALWAYS_FALSE EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_ALWAYS_FALSE EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_ALWAYS_TRUE EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_ALWAYS_TRUE EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_COMPARETO_USE_OBJECT_EQUALS EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_COMPARETO_USE_OBJECT_EQUALS EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_COMPARING_CLASS_NAMES EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_COMPARING_CLASS_NAMES EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_DOESNT_OVERRIDE_EQUALS EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_DOESNT_OVERRIDE_EQUALS EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_GETCLASS_AND_CLASS_CONSTANT EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_GETCLASS_AND_CLASS_CONSTANT EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_OTHER_NO_OBJECT EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_OTHER_NO_OBJECT EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_OTHER_USE_OBJECT EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_OTHER_USE_OBJECT EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_SELF_NO_OBJECT EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_SELF_NO_OBJECT EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_SELF_USE_OBJECT EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_SELF_USE_OBJECT EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.EQ_UNUSUAL EXP02-J. Do not use the Object.equals() method to compare two arrays
FB.EQ_UNUSUAL EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.ES_COMPARING_STRINGS_WITH_EQ EXP03-J. Do not use the equality operators when comparing values of boxed primitives
FB.FI_EMPTY MET12-J. Do not use finalizers
FB.FI_EXPLICIT_INVOCATION MET12-J. Do not use finalizers
FB.FI_FINALIZER_NULLS_FIELDS MET12-J. Do not use finalizers
FB.FI_FINALIZER_ONLY_NULLS_FIELDS MET12-J. Do not use finalizers
FB.FI_MISSING_SUPER_CALL MET12-J. Do not use finalizers
FB.FI_NULLIFY_SUPER MET12-J. Do not use finalizers
FB.FI_PUBLIC_SHOULD_BE_PROTECTED MET12-J. Do not use finalizers
FB.FI_USELESS MET12-J. Do not use finalizers
FB.IS2_INCONSISTENT_SYNC VNA02-J. Ensure that compound operations on shared variables are atomic
FB.IS2_INCONSISTENT_SYNC VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
FB.IS_FIELD_NOT_GUARDED VNA02-J. Ensure that compound operations on shared variables are atomic
FB.IS_FIELD_NOT_GUARDED VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
FB.IS_INCONSISTENT_SYNC VNA02-J. Ensure that compound operations on shared variables are atomic
FB.IS_INCONSISTENT_SYNC VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
FB.MS_SHOULD_BE_FINAL OBJ10-J. Do not use public static nonfinal fields
FB.NP_ALWAYS_NULL EXP01-J. Do not use a null in a case where an object is required
FB.NP_ALWAYS_NULL_EXCEPTION EXP01-J. Do not use a null in a case where an object is required
FB.NP_ARGUMENT_MIGHT_BE_NULL EXP01-J. Do not use a null in a case where an object is required
FB.NP_BOOLEAN_RETURN_NULL EXP01-J. Do not use a null in a case where an object is required
FB.NP_CLONE_COULD_RETURN_NULL EXP01-J. Do not use a null in a case where an object is required
FB.NP_CLOSING_NULL EXP01-J. Do not use a null in a case where an object is required
FB.NP_DEREFERENCE_OF_READLINE_VALUE EXP01-J. Do not use a null in a case where an object is required
FB.NP_DOES_NOT_HANDLE_NULL EXP01-J. Do not use a null in a case where an object is required
FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT EXP01-J. Do not use a null in a case where an object is required
FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR EXP01-J. Do not use a null in a case where an object is required
FB.NP_GUARANTEED_DEREF EXP01-J. Do not use a null in a case where an object is required
FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH EXP01-J. Do not use a null in a case where an object is required
FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE EXP01-J. Do not use a null in a case where an object is required
FB.NP_LOAD_OF_KNOWN_NULL_VALUE EXP01-J. Do not use a null in a case where an object is required
FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR EXP01-J. Do not use a null in a case where an object is required
FB.NP_NONNULL_PARAM_VIOLATION EXP01-J. Do not use a null in a case where an object is required
FB.NP_NONNULL_RETURN_VIOLATION EXP01-J. Do not use a null in a case where an object is required
FB.NP_NULL_INSTANCEOF EXP01-J. Do not use a null in a case where an object is required
FB.NP_NULL_ON_SOME_PATH EXP01-J. Do not use a null in a case where an object is required
FB.NP_NULL_ON_SOME_PATH_EXCEPTION EXP01-J. Do not use a null in a case where an object is required
FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE EXP01-J. Do not use a null in a case where an object is required
FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE EXP01-J. Do not use a null in a case where an object is required
FB.NP_NULL_PARAM_DEREF EXP01-J. Do not use a null in a case where an object is required
FB.NP_NULL_PARAM_DEREF_NONVIRTUAL EXP01-J. Do not use a null in a case where an object is required
FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS EXP01-J. Do not use a null in a case where an object is required
FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE EXP01-J. Do not use a null in a case where an object is required
FB.NP_STORE_INTO_NONNULL_FIELD EXP01-J. Do not use a null in a case where an object is required
FB.NP_TOSTRING_COULD_RETURN_NULL EXP01-J. Do not use a null in a case where an object is required
FB.NP_UNWRITTEN_FIELD EXP01-J. Do not use a null in a case where an object is required
FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD EXP01-J. Do not use a null in a case where an object is required
FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE EXP01-J. Do not use a null in a case where an object is required
FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES EXP01-J. Do not use a null in a case where an object is required
FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE EXP01-J. Do not use a null in a case where an object is required
FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE EXP01-J. Do not use a null in a case where an object is required
FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE EXP01-J. Do not use a null in a case where an object is required
FB.RU_INVOKE_RUN MET10-J. Follow the general contract when implementing the compareTo() method
FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE IDS00-J. Prevent SQL injection
FB.SQL_PREPARED_STATEMENT_GENERATED_ IDS00-J. Prevent SQL injection
FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE VNA02-J. Ensure that compound operations on shared variables are atomic
FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE VNA02-J. Ensure that compound operations on shared variables are atomic
FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
FB.STCAL_STATIC_CALENDAR_INSTANCE VNA02-J. Ensure that compound operations on shared variables are atomic
FB.STCAL_STATIC_CALENDAR_INSTANCE VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE VNA02-J. Ensure that compound operations on shared variables are atomic
FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
FORWARD_NULL EXP01-J. Do not use a null in a case where an object is required
GUARDED_BY_VIOLATION VNA02-J. Ensure that compound operations on shared variables are atomic
GUARDED_BY_VIOLATION VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
HARDCODED_CREDENTIALS MSC03-J. Never hard code sensitive information
INDIRECT_GUARDED_BY_VIOLATION VNA02-J. Ensure that compound operations on shared variables are atomic
INDIRECT_GUARDED_BY_VIOLATION VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
ITERATOR FIO04-J. Release resources when they are no longer needed
JDBC_CONNECTION FIO04-J. Release resources when they are no longer needed
LOCK_INVERSION LCK07-J. Avoid deadlock by requesting and releasing locks in the same order
LOCK_ORDERING LCK07-J. Avoid deadlock by requesting and releasing locks in the same order
MISSING_THROW ERR00-J. Do not suppress or ignore checked exceptions
NON_STATIC_GUARDING_STATIC VNA02-J. Ensure that compound operations on shared variables are atomic
NON_STATIC_GUARDING_STATIC VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
NULL_RETURNS EXP01-J. Do not use a null in a case where an object is required
OS_CMD_INJECTION IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
OVERFLOW_BEFORE_WIDEN NUM00-J. Detect or prevent integer overflow
PATH_MANIPULATION FIO16-J. Canonicalize path names before validating them
PW.ABNORMAL_TERMINATION_OF_FINALLY_BLOCK ERR04-J. Do not complete abruptly from a finally block
PW.ABNORMAL_TERMINATION_OF_FINALLY_BLOCK ERR05-J. Do not let checked exceptions escape from a finally block
RESOURCE_LEAK FIO04-J. Release resources when they are no longer needed
REVERSE_INULL EXP01-J. Do not use a null in a case where an object is required
RISKY_CRYPTO MSC02-J. Generate strong random numbers
SERVLET_ATOMICITY VNA00-J. Ensure visibility when accessing shared primitive variables
SERVLET_ATOMICITY VNA02-J. Ensure that compound operations on shared variables are atomic
SQLI IDS00-J. Prevent SQL injection
UNSAFE_DESERIALIZATION SER01-J. Do not deviate from the proper signatures of serialization methods
UNSAFE_DESERIALIZATION SER03-J. Do not serialize unencrypted sensitive data
UNSAFE_DESERIALIZATION SER06-J. Make defensive copies of private mutable components during deserialization
UNSAFE_DESERIALIZATION SER07-J. Do not use the default serialized form for classes with implementation-defined invariants
UNSAFE_REFLECTION SEC02-J. Do not base security checks on untrusted sources