Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tip

The table below can be re-ordered, by clicking column headers.

...

Include Page
java:The Checker Framework_Vjava:
The Checker Framework_V

Checker

Guideline

GUI Effect Checker CON52-J. Document thread-safety and use annotations where applicable
Initialization Checker EXP01-J. Do not use a null in a case where an object is required
Interning Checker EXP50-J. Do not confuse abstract object equality with reference equality
Interning Checker MET56-J. Do not use Object.equals() to compare cryptographic keys
Linear Checker MSC07-J. Prevent multiple instantiations of singleton objects
Lock Checker LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code
Lock Checker LCK01-J. Do not synchronize on objects that may be reused
Map Key Checker EXP01-J. Do not use a null in a case where an object is required
Nullness Checker EXP01-J. Do not use a null in a case where an object is required
Signature String Checker OBJ09-J. Compare classes and not class names
Tainting Checker IDS00-J. Prevent SQL injection
Tainting Checker IDS01-J. Normalize strings before validating them
Tainting Checker IDS03-J. Do not log unsanitized user input
Tainting Checker IDS04-J. Safely extract files from ZipInputStream
Tainting Checker IDS06-J. Exclude unsanitized user input from format strings
Tainting Checker IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
Tainting Checker IDS08-J. Sanitize untrusted data included in a regular expression
Tainting Checker IDS11-J. Perform any string modifications before validation
Tainting Checker IDS14-J. Do not trust the contents of hidden form fields
Tainting Checker IDS16-J. Prevent XML Injection
Tainting Checker IDS17-J. Prevent XML External Entity Attacks
Tainting Checker STR01-J. Do not assume that a Java char fully represents a Unicode code point
Tainting Checker STR02-J. Specify an appropriate locale when comparing locale-dependent data
Tainting Checker STR04-J. Use compatible character encodings when communicating string data between JVMs
Tainting Checker FIO16-J. Canonicalize path names before validating them
Tainting Checker IDS50-J. Use conservative file naming conventions
Tainting Checker IDS51-J. Properly encode or escape output
Tainting Checker IDS52-J. Prevent code injection
Tainting Checker IDS53-J. Prevent XPath Injection
Tainting Checker IDS54-J. Prevent LDAP injection
Tainting Checker IDS55-J. Understand how escape characters are interpreted when strings are loaded
Tainting Checker IDS56-J. Prevent arbitrary file upload