Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Historically, using a narrow type to capture the return value of a byte input method has resulted in significant vulnerabilities, including command injection attacks; see CA-1996-22 advisory. Consequently, the severity of this error is high.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

FIO08-J

High

Probable

Medium

P12

L1

Automated Detection

Some static analysis tools can detect violations of this rule.

ToolVersionCheckerDescription
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CERT.FIO08.CRRVCheck the return value of methods which read or skip input
SpotBugs

Include Page
SpotBugs_V
SpotBugs_V

EOS_BAD_END_OF_STREAM_CHECKImplemented (since 4.4.0)

Related Guidelines

Bibliography

...


...

Image Modified Image Modified Image Modified