Note

This page was automatically generated and should not be edited.

Note

The information on this page was provided by outside contributors and has not been verified by SEI CERT.

| Checker | Guideline |
|---|---|
| GUI Effect Checker | CON52-J. Document thread-safety and use annotations where applicable |
| Initialization Checker | EXP01-J. Do not use a null in a case where an object is required |
| Interning Checker | EXP50-J. Do not confuse abstract object equality with reference equality |
| Interning Checker | MET56-J. Do not use Object.equals() to compare cryptographic keys |
| Linear Checker | MSC07-J. Prevent multiple instantiations of singleton objects |
| Lock Checker | LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code |
| Lock Checker | LCK01-J. Do not synchronize on objects that may be reused |
| Map Key Checker | EXP01-J. Do not use a null in a case where an object is required |
| Nullness Checker | EXP01-J. Do not use a null in a case where an object is required |
| Signature String Checker | OBJ09-J. Compare classes and not class names |
| Tainting Checker | IDS00-J. Prevent SQL injection |
| Tainting Checker | IDS01-J. Normalize strings before validating them |
| Tainting Checker | IDS03-J. Do not log unsanitized user input |
| Tainting Checker | IDS04-J. Safely extract files from ZipInputStream |
| Tainting Checker | IDS06-J. Exclude unsanitized user input from format strings |
| Tainting Checker | IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method |
| Tainting Checker | IDS08-J. Sanitize untrusted data included in a regular expression |
| Tainting Checker | IDS11-J. Perform any string modifications before validation |
| Tainting Checker | IDS14-J. Do not trust the contents of hidden form fields |
| Tainting Checker | IDS16-J. Prevent XML Injection |
| Tainting Checker | IDS17-J. Prevent XML External Entity Attacks |
| Tainting Checker | STR01-J. Do not assume that a Java char fully represents a Unicode code point |
| Tainting Checker | STR02-J. Specify an appropriate locale when comparing locale-dependent data |
| Tainting Checker | STR04-J. Use compatible character encodings when communicating string data between JVMs |
| Tainting Checker | FIO16-J. Canonicalize path names before validating them |
| Tainting Checker | IDS50-J. Use conservative file naming conventions |
| Tainting Checker | IDS51-J. Properly encode or escape output |
| Tainting Checker | IDS52-J. Prevent code injection |
| Tainting Checker | IDS53-J. Prevent XPath Injection |
| Tainting Checker | IDS54-J. Prevent LDAP injection |
| Tainting Checker | IDS55-J. Understand how escape characters are interpreted when strings are loaded |
| Tainting Checker | IDS56-J. Prevent arbitrary file upload |