Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tip

The table below can be re-ordered, by clicking column headers.

...

Include Page
java:Parasoft_Vjava:
Parasoft_V

Checker

Guideline

BD-SECURITY-TDLOG IDS03-J. Do not log unsanitized user input
CERT.DCL00.ACD DCL00 BD-SECURITY-TDSQL IDS00-J. Prevent SQL injection class initialization cycles
CERT.DCL02 BD.CO.ITMOD DCL02-J. Do not modify the collection's elements during an enhanced for statement
BD.CO.ITMOD MSC06-J. Do not modify the underlying collection when an iteration is in progress
CERT.DCL51.HMF DCL51-J. Do not shadow or obscure identifiers in subscopes
CERT.DCL52.MVOS DCL52-J. Do not declare more than one variable per declaration
CERT.DCL57.OVAM DCL57-J. Avoid ambiguous overloading of variable arity methods
CERT.DCL60.ACD DCL60-J. Avoid cyclic dependencies between packages
CERT.ENV02.ENV ENV02-J. Do not trust the values of environment variables
CERT.ERR00.LGE ERR00-J. Do not suppress or ignore checked exceptions
CERT.ERR00.UCATCH ERR00-J. Do not suppress or ignore checked exceptions
CERT.ERR01.ACPST ERR01-J. Do not allow exceptions to expose sensitive information
CERT.ERR01.ACW ERR01-J. Do not allow exceptions to expose sensitive information
CERT.ERR01.CETS ERR01-J. Do not allow exceptions to expose sensitive information
CERT.ERR03.REVOBJ ERR03-J. Restore prior object state on method failure
CERT.ERR04.ARCF ERR04-J. Do not complete abruptly from a finally block
CERT.ERR04.ATSF ERR04-J. Do not complete abruptly from a finally block
CERT.ERR05.ARCF ERR05-J. Do not let checked exceptions escape from a finally block
CERT.ERR05.ATSF ERR05-J. Do not let checked exceptions escape from a finally block
CERT.ERR07.NTERR ERR07-J. Do not throw RuntimeException, Exception, or Throwable
CERT.ERR07.NTX ERR07-J. Do not throw RuntimeException, Exception, or Throwable
CERT.ERR08.NCNPE ERR08-J. Do not catch NullPointerException or any of its ancestors
CERT.ERR09.EXIT ERR09-J. Do not allow untrusted code to terminate the JVM
CERT.ERR09.JVM ERR09-J. Do not allow untrusted code to terminate the JVM
CERT.ERR51.NCE ERR51-J. Prefer user-defined exceptions over more general exception types
CERT.ERR54.CLFIN ERR54-J. Use a try-with-resources statement to safely handle closeable resources
CERT.EXP00.AECB EXP00-J. Do not ignore values returned by methods
CERT.EXP00.NASSIG EXP00-J. Do not ignore values returned by methods
CERT.EXP01.NCMD EXP01-J. Do not use a null in a case where an object is required
CERT.EXP01 BD.EXCEPT.NP EXP01-J. Do not use a null in a case where an object is required
BD.PB.ZERO NUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors
CERT.EXP02.UEIC EXP02-J. Do not use the Object.equals() method to compare two arrays
CERT.EXP03.UEIC EXP03-J. Do not use the equality operators when comparing values of boxed primitives
CERT.EXP05.CID EXP05-J. Do not follow a write by a subsequent write or read of the same object within an expression
CERT.EXP50.UEIC EXP50-J. Do not confuse abstract object equality with reference equality
CERT.EXP51.ASI EXP51-J. Do not perform assignments in conditional expressions
CERT.EXP52.BLK EXP52-J. Use braces for the body of an if, for, or while statement
CERT.EXP53.APAREN EXP53-J. Use parentheses for precedence of operation
CERT.EXP55.COMT EXP55-J. Use the same type for the second and third operands in conditional expressions
CERT.FIO03.ATF FIO03-J. Remove temporary files before termination
CERT.FIO03.REMTMP FIO03-J. Remove temporary files before termination
CERT.FIO04.CCR FIO04-J. Release resources when they are no longer needed
CERT.FIO04.CIO FIO04-J. Release resources when they are no longer needed
CERT.FIO04 BD.RES.LEAKS FIO04-J. Release resources when they are no longer needed
BD.RES.LEAKS MSC04-J. Do not leak memory
CERT.FIO05.BUFEXP FIO05-J. Do not expose buffers or their backing arrays methods to untrusted code
CERT.FIO06.MULBUF FIO06-J. Do not create multiple buffered wrappers on a single byte or character stream
CERT.FIO07.EXEC FIO07-J. Do not let external processes block on IO buffers
CERT.FIO08.CRRV FIO08-J. Distinguish between characters or bytes read from a stream and -1
CERT.FIO09.ARGWRITE FIO09-J. Do not rely on the write() method to output integers outside the range 0 to 255
CERT.FIO12.PMRWLED FIO12-J. Provide methods to read and write little-endian data
CERT.FIO13.CONSEN FIO13-J. Do not log sensitive information outside a trust boundary
CERT.FIO13.LHII FIO13-J. Do not log sensitive information outside a trust boundary
CERT.FIO13.PEO FIO13-J. Do not log sensitive information outside a trust boundary
CERT.FIO13 BD.SECURITY.SENS FIO13-J. Do not log sensitive information outside a trust boundary
BD.SECURITY.TDRFL SEC02-J. Do not base security checks on untrusted sources
CERT.FIO14.CCR FIO14-J. Perform proper cleanup at program termination
CERT.FIO14.CIO FIO14-J. Perform proper cleanup at program termination
CERT.FIO14.CRWD FIO14-J. Perform proper cleanup at program termination
CERT.FIO16.CDBV FIO16-J. Canonicalize path names before validating them
CERT.IDS00.TDSQL IDS00-J. Prevent SQL injection
CERT.IDS03.TDLOG IDS03-J. Do not log unsanitized user input
CERT.IDS06.VAFS IDS06-J. Exclude unsanitized user input from format strings
CERT.IDS07.EXEC IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
CERT.IDS11.VPPD IDS11-J. Perform any string modifications before validation
CERT.IDS16 BD.SECURITY.TDXML IDS16-J. Prevent XML Injection
CERT.IDS51.TDRESP IDS51-J. Properly encode or escape output
CERT.IDS51.TDXSS IDS51-J. Properly encode or escape output
CERT.IDS52.TDCODE IDS52-J. Prevent code injection
CERT.IDS53.TDJXPATH IDS53-J. Prevent XPath Injection
CERT.IDS53.TDXPATH IDS53-J. Prevent XPath Injection
CERT.IDS54.TDLDAP IDS54-J. Prevent LDAP injection
CERT.JNI00.NATIW JNI00-J. Define wrappers around native methods
CERT.LCK00.SOPF LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code
CERT.LCK01.SCS LCK01-J. Do not synchronize on objects that may be reused
CERT.LCK02.SGC LCK02-J. Do not synchronize on the class object returned by getClass()
CERT.LCK04.SOBC LCK04-J. Do not synchronize on a collection view if the backing collection is accessible
CERT.LCK05.IASF LCK05-J. Synchronize access to static fields that can be modified by untrusted code
CERT.LCK06.INSTLOCK LCK06-J. Do not use an instance lock to protect shared static data
CERT.LCK07.LORD LCK07-J. Avoid deadlock by requesting and releasing locks in the same order
CERT.LCK08 BD.TRS.LOCK LCK08-J. Ensure actively held locks are released on exceptional conditions
CERT.LCK08.RLF LCK08-J. Ensure actively held locks are released on exceptional conditions
CERT.LCK09.TSHL LCK09-J. Do not perform operations that can block while holding a lock
CERT.LCK09.TSHL2 BD.TRS.TSHL LCK09-J. Do not perform operations that can block while holding a lock
CERT.LCK10.DCL LCK10-J. Use a correct form of the double-checked locking idiom
CERT.MET02.DPRAPI MET02-J. Do not use deprecated or obsolete classes or methods
CERT.MET02.THRD MET02 CODSTA.BP.ARM SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields
CODSTA.BP.EXIT ERR09-J. Do not allow untrusted code to terminate the JVM
CODSTA.EPC.AGBPT OBJ03-J. Prevent heap pollution
deprecated or obsolete classes or methods
CERT.MET04.OPM MET04-J. Do not increase the accessibility of overridden or hidden methods
CERT.MET06.CLONE MET06-J. Do not invoke overridable methods in clone()
CERT.MET07.AHSM MET07-J. Never declare a class method that hides a method declared in a superclass or superinterface
CERT.MET08.EQREFL MET08-J. Preserve the equality contract when overriding the equals() method
CERT.MET09 CODSTA.OIM.OVERRIDE MET09-J. Classes that define an equals() method must also define a hashCode() method
CERT.MET11.IKICO MET11-J. Ensure that keys used in comparison operations are immutable
CERT.MET12.EF MET12 CODSTD.BP.NTX ERR07-J. Do not throw RuntimeException, Exception, or Throwable use finalizers
CERT.MET12.FCF EJB.MNDF MET12-J. Do not use finalizers
EXCEPT CERT.MET12.ENFC FCSF OBJ11 MET12-J. Be wary of letting constructors throw exceptions Do not use finalizers
CERT.MET12.FM MET12 EXCEPT.NCNPE ERR08-J. Do not catch NullPointerException or any of its ancestors use finalizers
CERT.MET12.IFF MET12 EXCEPT.NTERR ERR07-J. Do not throw RuntimeException, Exception, or Throwable use finalizers
CERT.MET12.MFP GC.FCF MET12-J. Do not use finalizers
GC CERT.MET12.FM MNDF MET12-J. Do not use finalizers
GC CERT.MET12.IFF NCF MET12-J. Do not use finalizers
GC CERT.MET12.NCF OF MET12-J. Do not use finalizers
GLOBAL CERT.MET50.ACD OVERLOAD DCL00 MET50-J. Prevent class initialization cycles Avoid ambiguous or confusing uses of overloading
CERT.MET52.CIFC MET52 HIBERNATE.LHII FIO13-J. Do not log sensitive information outside a trust boundary
INTER.COS STR00-J. Don't form strings containing partial characters from variable-width encodings
INTER.{CCL,CTLC} STR02-J. Specify an appropriate locale when comparing locale-dependent data
OOP.AHSM MET07-J. Never declare a class method that hides a method declared in a superclass or superinterface
OOP.MUCOP OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
OOP.MUCOP OBJ05-J. Do not return references to private mutable class members
OOP.MUCOP OBJ06-J. Defensively copy mutable inputs and mutable internal components
OOP.OPM MET04-J. Do not increase the accessibility of overridden or hidden methods
OPT.CCR FIO04-J. Release resources when they are no longer needed
OPT.CCR FIO14-J. Perform proper cleanup at program termination
OPT.CIO FIO04-J. Release resources when they are no longer needed
OPT.CIO FIO14-J. Perform proper cleanup at program termination
OPT.CRWD FIO14-J. Perform proper cleanup at program termination
PB-NUM-FPLI NUM09-J. Do not use floating-point variables as loop counters
PB-RE-NMCD EXP01-J. Do not use a null in a case where an object is required
PB.API.DPRAPI MET02-J. Do not use deprecated or obsolete classes or methods
PB.API.OF MET12-J. Do not use finalizers
PB.API.VAFS IDS06-J. Exclude unsanitized user input from format strings
PB.CUB.ARCF ERR04-J. Do not complete abruptly from a finally block
PB.CUB.ARCF ERR05-J. Do not let checked exceptions escape from a finally block
PB.CUB.ATSF ERR04-J. Do not complete abruptly from a finally block
PB.CUB.ATSF ERR05-J. Do not let checked exceptions escape from a finally block
PB.CUB.UEIC EXP02-J. Do not use the Object.equals() method to compare two arrays
PB.CUB.UEIC EXP03-J. Do not use the equality operators when comparing values of boxed primitives
PB.LOGIC.CRRV FIO08-J. Distinguish between characters or bytes read from a stream and -1
PB.NUM.AIC NUM13-J. Avoid loss of precision when converting primitive integers to floating-point
PB.NUM.BBDCC NUM10-J. Do not construct BigDecimal objects from floating-point literals
PB.NUM.CLP NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
PB.NUM.NAN NUM07-J. Do not attempt comparisons with NaN
use the clone() method to copy untrusted method parameters
CERT.MET53.SCLONE MET53-J. Ensure that the clone() method calls super.clone()
CERT.MSC01.EB MSC01-J. Do not use an empty infinite loop
CERT.MSC03.AHCA MSC03-J. Never hard code sensitive information
CERT.MSC03.HCCK MSC03-J. Never hard code sensitive information
CERT.MSC03.HCCS MSC03-J. Never hard code sensitive information
CERT.MSC04.LEAKS MSC04-J. Do not leak memory
CERT.MSC06.ITMOD MSC06-J. Do not modify the underlying collection when an iteration is in progress
CERT.MSC07.ILI MSC07-J. Prevent multiple instantiations of singleton objects
CERT.MSC52.SBC MSC52-J. Finish every set of statements associated with a case label with a break statement
CERT.MSC56.CC MSC56-J. Detect and remove superfluous code and values
CERT.MSC56.SWITCH MSC56-J. Detect and remove superfluous code and values
CERT.MSC56.VOVR MSC56-J. Detect and remove superfluous code and values
CERT.MSC57.PDCL MSC57-J. Strive for logical completeness
CERT.MSC57.PDS MSC57-J. Strive for logical completeness
CERT.MSC60.ASSERT MSC60-J. Do not use assertions to verify the absence of runtime errors
CERT.MSC61.AISSAJAVA MSC61-J. Do not use insecure or weak cryptographic algorithms
CERT.MSC61.AISSAXML MSC61-J. Do not use insecure or weak cryptographic algorithms
CERT.MSC61.CKTS MSC61-J. Do not use insecure or weak cryptographic algorithms
CERT.MSC61.HCCK MSC61-J. Do not use insecure or weak cryptographic algorithms
CERT.MSC61.ICA MSC61-J. Do not use insecure or weak cryptographic algorithms
CERT.MSC62.PCCF MSC62-J. Store passwords using a hash function
CERT.MSC62.PLAIN MSC62-J. Store passwords using a hash function
CERT.MSC62.PTPT MSC62-J. Store passwords using a hash function
CERT.MSC62.PWDPROP MSC62-J. Store passwords using a hash function
CERT.MSC62.PWDXML MSC62-J. Store passwords using a hash function
CERT.MSC62.UTAX MSC62-J. Store passwords using a hash function
CERT.MSC62.WCPWD MSC62-J. Store passwords using a hash function
CERT.MSC62.WPWD MSC62-J. Store passwords using a hash function
CERT.NUM00.BSA NUM00-J. Detect or prevent integer overflow
CERT.NUM00.CACO NUM00-J. Detect or prevent integer overflow
CERT.NUM00.ICO NUM00-J. Detect or prevent integer overflow
CERT.NUM01.BADSHIFT NUM01-J. Do not perform bitwise and arithmetic operations on the same data
CERT.NUM01.NCBAV NUM01-J. Do not perform bitwise and arithmetic operations on the same data
CERT.NUM02.ZERO NUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors
CERT.NUM04 PB.NUM.UBD NUM04-J. Do not use floating-point numbers if precise computation is required
PB CERT.NUM.{ICO,BSA,CACO} NUM00-J. Detect or prevent integer overflow
PB.TYPO.EB MSC01-J. Do not use an empty infinite loop
PB.USC.NASSIG EXP00-J. Do not ignore values returned by methods
PORT.ENV ENV02-J. Do not trust the values of environment variables
PORT.EXEC IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
PORT.EXEC FIO07-J. Do not let external processes block on IO buffers
SECURITY.BV.ACL SEC03-J. Do not load trusted classes after allowing untrusted code to load arbitrary classes
SECURITY.EAB.CMP OBJ09-J. Compare classes and not class names
NUM07.NAN NUM07-J. Do not attempt comparisons with NaN
CERT.NUM08.FPEXC NUM08-J. Check floating-point inputs for exceptional values
CERT.NUM09.FPLI NUM09-J. Do not use floating-point variables as loop counters
CERT.NUM10.BBDCC NUM10-J. Do not construct BigDecimal objects from floating-point literals
CERT.NUM12.CLP NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
CERT.NUM13.AIC NUM13-J. Avoid loss of precision when converting primitive integers to floating-point
CERT.NUM50.IDCD NUM50-J. Convert integers to floating point for floating-point operations
CERT.OBJ03.AGBPT OBJ03-J. Prevent heap pollution
CERT.OBJ04.CLONE SECURITY.EAB.CPCL OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY CERT.EABOBJ04.CPCL OBJ05 OBJ04-J. Do not return references to private mutable class members
SECURITY.EAB.CPCL OBJ06-J. Defensively copy mutable inputs and mutable internal components
SECURITY.EAB.JVM ERR09-J. Do not allow untrusted code to terminate the JVM
Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
CERT.OBJ04.MPT OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
CERT.OBJ04.MUCOP OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
CERT.OBJ04.SMO SECURITY.EAB.MPT OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY CERT.EABOBJ05.MPT CPCL OBJ05-J. Do not return references to private mutable class members
SECURITY CERT.EABOBJ05.MPT OBJ06 OBJ05-J. Defensively copy mutable inputs and mutable internal components
SECURITY.EAB.SMO OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
Do not return references to private mutable class members
CERT.OBJ05.MUCOP OBJ05-J. Do not return references to private mutable class members
CERT.OBJ05 SECURITY.EAB.SMO OBJ05-J. Do not return references to private mutable class members
CERT.OBJ06..MPT OBJ06-J. Defensively copy mutable inputs and mutable internal components
CERT.OBJ06.CPCL OBJ06-J. Defensively copy mutable inputs and mutable internal components
CERT.OBJ06.MUCOP OBJ06-J. Defensively copy mutable inputs and mutable internal components
CERT.OBJ06 SECURITY.EAB.SMO OBJ06-J. Defensively copy mutable inputs and mutable internal components
CERT.OBJ07.MCNC OBJ07-J. Sensitive classes must not let themselves be copied
CERT.OBJ08.INNER OBJ08-J. Do not expose private members of an outer class from within a nested class
CERT.OBJ09.CMP OBJ09-J. Compare classes and not class names
CERT.OBJ10.RMO SECURITY.EAB.SPFF OBJ10-J. Do not use public static nonfinal fields
SECURITY CERT.ESDOBJ10.ACW SPFF ERR01 OBJ10-J. Do not allow exceptions to expose sensitive information
SECURITY.ESD.CONSEN FIO13-J. Do not log sensitive information outside a trust boundary
SECURITY.ESD.PEO FIO13-J. Do not log sensitive information outside a trust boundary
SECURITY.ESD.SIF SER03-J. Do not serialize unencrypted sensitive data
SECURITY.IBA.ATF FIO03-J. Remove temporary files before termination
SECURITY.IBA.NATIW JNI00-J. Define wrappers around native methods
SECURITY.IBA.VPPD IDS17-J. Prevent XML External Entity Attacks
SECURITY.UEHL.LGE ERR00-J. Do not suppress or ignore checked exceptions
SECURITY.WSC.ACPST ERR01-J. Do not allow exceptions to expose sensitive information
SECURITY.WSC.AHCA MSC03-J. Never hard code sensitive information
SECURITY.WSC.CLONE OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY.WSC.HCCK MSC03-J. Never hard code sensitive information
SECURITY.WSC.HCCS MSC03-J. Never hard code sensitive information
SECURITY.WSC.MCNC OBJ07-J. Sensitive classes must not let themselves be copied
SECURITY.WSC.SCF SEC04-J. Protect sensitive operations with security manager checks
use public static nonfinal fields
CERT.OBJ11.EPNFC OBJ11-J. Be wary of letting constructors throw exceptions
CERT.OBJ13.RMO OBJ13-J. Ensure that references to mutable objects are not exposed
CERT.OBJ51.DPAC OBJ51-J. Minimize the accessibility of classes and their members
CERT.OBJ51.DPAF OBJ51-J. Minimize the accessibility of classes and their members
CERT.OBJ51.DPAM OBJ51-J. Minimize the accessibility of classes and their members
CERT.OBJ51.DPPC OBJ51-J. Minimize the accessibility of classes and their members
CERT.OBJ51.DPPF OBJ51-J. Minimize the accessibility of classes and their members
CERT.OBJ51.DPPM OBJ51-J. Minimize the accessibility of classes and their members
CERT.SEC01.PRIVIL SEC01-J. Do not allow tainted variables in privileged blocks
CERT.SEC02.TDRFL SEC02-J. Do not base security checks on untrusted sources
CERT.SEC03.ACL SEC03-J. Do not load trusted classes after allowing untrusted code to load arbitrary classes
CERT.SEC04.SCF SEC04-J. Protect sensitive operations with security manager checks
CERT.SEC05.ARM SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields
CERT.SEC51.PCL SEC51-J. Minimize privileged code
CERT.SER00.DUID SER00-J. Enable serialization compatibility during class evolution
CERT.SER01.ROWO SER01-J. Do not deviate from the proper signatures of serialization methods
CERT.SER03.SIF SER03-J. Do not serialize unencrypted sensitive data
CERT.SER04 SECURITY.WSC.SCSER SER04-J. Do not allow serialization and deserialization to bypass the security manager
SECURITY CERT.WSCSER07.SRD RRSC MSC02 SER07-J. Generate strong random numbers
SECURITY.WSC.USC MSC00-J. Use SSLSocket rather than Socket for secure data exchange
Do not use the default serialized form for classes with implementation-defined invariants
CERT.SER09.VREADOBJ SER09-J. Do not invoke overridable methods from the readObject() method
CERT.SER11 SERIAL.IRX SER11-J. Prevent overwriting of externalizable objects
SERIAL.ROWO SER01-J. Do not deviate from the proper signatures of serialization methods
SERIAL.RRSC SER07-J. Do not use the default serialized form for classes with implementation-defined invariants
SERVLET.CETS ERR01-J. Do not allow exceptions to expose sensitive information
CERT.SER12.VOBD SER12-J. Prevent deserialization of untrusted data
CERT.STR00.COS STR00-J. Don't form strings containing partial characters from variable-width encodings
CERT.STR01.NCUCP STR01-J. Do not assume that a Java char fully represents a Unicode code point
CERT.STR02.CCL STR02-J. Specify an appropriate locale when comparing locale-dependent data
CERT.STR02.CTLC STR02-J. Specify an appropriate locale when comparing locale-dependent data
CERT.THI00.IRUN THI00-J. Do not invoke Thread.run()
CERT.THI01.AUTG THI01-J. Do not invoke ThreadGroup methods
CERT.THI02 TRS.ANF THI02-J. Notify all waiting threads rather than a single thread
TRS CERT.THI03.AUTG UWIL THI01 THI03-J. Do not invoke ThreadGroup methods Always invoke wait() and await() methods inside a loop
CERT.THI05.THRD THI05 TRS.CSTART TSM02-J. Do not use background threads during class initialization
TRS.CTRE TSM01-J. Do not let the this reference escape during object construction
TRS.DCL LCK10-J. Use a correct form of the double-checked locking idiom
TRS.IASF LCK05-J. Synchronize access to static fields that can be modified by untrusted code
TRS.ILI MSC07-J. Prevent multiple instantiations of singleton objects
TRS.IRUN THI00-J. Do not invoke Thread.run()
Thread.stop() to terminate threads
CERT.TPS00.ISTART TPS00-J. Use thread pools to enable graceful degradation of service during traffic bursts
CERT.TSM00.OSNS TSM00-J. Do not override thread-safe methods with methods that are not thread-safe
CERT.TSM01.CTRE TSM01-J. Do not let the this reference escape during object construction
CERT.TSM02.CSTART TSM02-J. Do not use background threads during class initialization
CERT.VNA00 TRS.LORD VNA00-J. Ensure visibility when accessing shared primitive variables
TRS.LORD LCK07-J. Avoid deadlock by requesting and releasing locks in the same order
TRS CERT.VNA00.MRAV VNA00-J. Ensure visibility when accessing shared primitive variables
TRS CERT.VNA02.MRAV VNA02-J. Ensure that compound operations on shared variables are atomic
TRS.MRAV VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
TRS.RLF LCK08-J. Ensure actively held locks are released on exceptional conditions
TRS.SCS LCK01-J. Do not synchronize on objects that may be reused
TRS.SOPF LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code
TRS. CERT.VNA02.SSUG VNA02-J. Ensure that compound operations on shared variables are atomic
TRS CERT.VNA03.SSUG MRAV VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
TRS.THRD MET02-J. Do not use deprecated or obsolete classes or methods
CERT.VNA03.SSUG VNA03 TRS.THRD THI05-J. Do not use Thread.stop() to terminate threads
TRS.TSHL LCK09-J. Do not perform operations that can block while holding a lock
TRS.UWIL THI03-J. Always invoke wait() and await() methods inside a loop
UC.EF MET12-J. Do not use finalizers
UC.FCSF MET12-J. Do not use finalizers
assume that a group of calls to independently atomic methods is atomic
CRT.MSC02.SRD MSC02-J. Generate strong random numbers
SECURITY.WSC.USC MSC00-J. Use SSLSocket rather than Socket for secure data exchange UC.UCATCH ERR00-J. Do not suppress or ignore checked exceptions