...

Tool | Version | Checker | Description
The Checker Framework | (version not shown in this excerpt) | Tainting Checker | Trust and security errors (see Chapter 8)
SonarQube | (version not shown in this excerpt) | S5042 | Expanding archive files is security-sensitive

Related Guidelines

MITRE CWE | CWE-409, Improper Handling of Highly Compressed Data (Data Amplification)
Secure Coding Guidelines for Java SE, Version 5.0 | Guideline 1-1 / DOS-1: Beware of activities that may use disproportionate resources

Related Vulnerabilities

Vulnerability: Zip Slip

Description: Zip Slip is a form of directory traversal that is exploited by having the victim extract an attacker-controlled archive. It is caused by a failure to validate the path names of the entries in the archive: an entry name containing ../ sequences (for example, ../../evil.sh) is joined to the extraction directory without canonicalization, so the file is written outside the intended directory and can overwrite existing system files. An attacker can exploit this to overwrite executable files or scripts and thereby achieve remote command execution on the victim's machine. Snyk disclosed the vulnerability privately to affected projects before publishing it on June 5, 2018. Their blog post and technical paper detailing the vulnerability can be found at https://snyk.io/blog/zip-slip-vulnerability/.
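The following Java program is an example added here for illustration; it is not code from the CERT rule, from Snyk, or from any project named on this page. It shows one extraction routine that addresses both the Zip Slip traversal described above and the data-amplification concern behind CWE-409 / DOS-1 listed under Related Guidelines: each entry's target path is canonicalized after it is joined to the destination directory and rejected unless it stays inside that directory, and inflated bytes are counted as they are actually read rather than trusting the sizes recorded in the archive. The limits (MAX_ENTRIES, MAX_ENTRY_BYTES, MAX_TOTAL_BYTES), the class name SafeUnzip and the in-memory sample archives built in main are assumptions made for this example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

public class SafeUnzip {

    // Assumed limits for this example; tune them for the application.
    private static final int  MAX_ENTRIES     = 1024;
    private static final long MAX_ENTRY_BYTES = 10L * 1024 * 1024;   // 10 MiB inflated, per entry
    private static final long MAX_TOTAL_BYTES = 100L * 1024 * 1024;  // 100 MiB inflated, whole archive

    /**
     * Extracts the archive read from 'in' into destDir. Throws IOException if an entry
     * would land outside destDir (Zip Slip) or if the inflated data exceeds the limits (CWE-409).
     */
    public static void unzip(InputStream in, File destDir) throws IOException {
        // Trailing separator so that "/tmp/dest" does not accept "/tmp/destination/x".
        String destCanonical = destDir.getCanonicalPath() + File.separator;
        long totalBytes = 0;
        int entries = 0;
        try (ZipInputStream zis = new ZipInputStream(in)) {
            ZipEntry entry;
            while ((entry = zis.getNextEntry()) != null) {
                if (++entries > MAX_ENTRIES) {
                    throw new IOException("Too many entries in archive");
                }
                File target = new File(destDir, entry.getName());
                // Canonicalize AFTER joining: "docs/../../x" only resolves outside destDir once joined.
                String targetCanonical = target.getCanonicalPath();
                if (!targetCanonical.startsWith(destCanonical)) {
                    throw new IOException("Entry is outside of the target dir: " + entry.getName());
                }
                if (entry.isDirectory()) {
                    if (!target.isDirectory() && !target.mkdirs()) {
                        throw new IOException("Cannot create directory: " + target);
                    }
                    continue;
                }
                File parent = target.getParentFile();
                if (!parent.isDirectory() && !parent.mkdirs()) {
                    throw new IOException("Cannot create directory: " + parent);
                }
                // Do not trust entry.getSize(): it is read from the archive and may be absent or false.
                // Count bytes as they are inflated and stop as soon as a limit is crossed.
                long entryBytes = 0;
                try (OutputStream out = Files.newOutputStream(target.toPath())) {
                    byte[] buf = new byte[4096];
                    int n;
                    while ((n = zis.read(buf)) > 0) {
                        entryBytes += n;
                        totalBytes += n;
                        if (entryBytes > MAX_ENTRY_BYTES || totalBytes > MAX_TOTAL_BYTES) {
                            throw new IOException("Inflated size exceeds limit at entry: " + entry.getName());
                        }
                        out.write(buf, 0, n);
                    }
                } catch (IOException e) {
                    Files.deleteIfExists(target.toPath());  // do not leave a truncated file behind
                    throw e;
                }
                zis.closeEntry();
            }
        }
    }

    // Builds a constructed in-memory archive for the demo (sample input, not a real-world file).
    private static byte[] archive(String[] names, byte[][] contents) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ZipOutputStream zos = new ZipOutputStream(bos)) {
            for (int i = 0; i < names.length; i++) {
                zos.putNextEntry(new ZipEntry(names[i]));  // ZipEntry accepts "../" names unchecked
                zos.write(contents[i]);
                zos.closeEntry();
            }
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        Path dest = Files.createTempDirectory("unzip-demo");
        byte[] hello = "hello".getBytes(StandardCharsets.UTF_8);

        unzip(new ByteArrayInputStream(archive(new String[] {"docs/readme.txt"}, new byte[][] {hello})), dest.toFile());
        System.out.println("benign archive extracted under " + dest);

        byte[] slip = archive(new String[] {"../../evil.sh"}, new byte[][] {hello});
        try { unzip(new ByteArrayInputStream(slip), dest.toFile()); }
        catch (IOException e) { System.out.println("rejected: " + e.getMessage()); }

        // Highly compressible zeros: small on disk, over the per-entry limit once inflated.
        byte[] bomb = archive(new String[] {"zeros.bin"}, new byte[][] {new byte[(int) MAX_ENTRY_BYTES + 1]});
        try { unzip(new ByteArrayInputStream(bomb), dest.toFile()); }
        catch (IOException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Run the class and it extracts the benign archive, then reports the traversal entry and the oversized entry as rejected. The path check uses getCanonicalPath rather than getAbsolutePath because only canonicalization resolves the ../ segments (and symbolic links) that make the entry escape the destination; the size check reads the real inflated byte count because the sizes stored in the ZIP headers are attacker-controlled.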


Android Implementation Details

...