SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 157

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 158

changes.mady.by.user Will Snavely

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

SEI CERT C Coding Standard

ENV03-C. Sanitize the environment when invoking external programs
ENV33-C. Do not call system()

SEI CERT C++ Coding Standard

ENV03-CPP. Sanitize the environment when invoking external programs
VOID ENV02-CPP. Do not call system() if you do not need a command processor

SEI CERT Perl Coding StandardIDS34-PL. Do not pass untrusted, unsanitized data to a command interpreter

ISO/IEC TR 24772:2013

Injection [RST]

MITRE CWE

CWE-78, Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection")

...

[Chess 2007]

Chapter 5, "Handling Input," section "Command Injection"

[OWASP 2005]A Guide to Building Secure Web Applications and Web Services
[Permissions 2008]Permissions in the Java™ SE 6 Development Kit (JDK)
[Seacord 2015]Image result for video icon IDS07-J. Do not pass untrusted, unsanitized data to the Runtime.exec() method LiveLesson

 

...

Image Modified