Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Generated Content
Info
title
Note

This page is automatically generated from the "Automated Detection" sections in the individual guidelines. Do not modify this page directly.

...

was automatically generated and should not be edited.

Note

The information on this page was provided by outside contributors and has not been verified by SEI CERT.

Tip

The table below can be re-ordered, by clicking column headers.

...

Include Page
Parasoft_V
Parasoft_V

Checker

Guideline

BD-SECURITY-TDLOGIDS03-J. Do not log unsanitized user input
CERT.DCL00.ACD DCL00BD-SECURITY-TDSQLIDS00-J. Prevent SQL injectionclass initialization cycles
CERT.DCL02BD.CO.ITMOD DCL02-J. Do not modify the collection's elements during an enhanced for statement
BD.CO.ITMODMSC06-J. Do not modify the underlying collection when an iteration is in progress
CERT.DCL51.HMF DCL51-J. Do not shadow or obscure identifiers in subscopes
CERT.DCL52.MVOS DCL52-J. Do not declare more than one variable per declaration
CERT.DCL57.OVAM DCL57-J. Avoid ambiguous overloading of variable arity methods
CERT.DCL60.ACD DCL60-J. Avoid cyclic dependencies between packages
CERT.ENV02.ENV ENV02-J. Do not trust the values of environment variables
CERT.ERR00.LGE ERR00-J. Do not suppress or ignore checked exceptions
CERT.ERR00.UCATCH ERR00-J. Do not suppress or ignore checked exceptions
CERT.ERR01.ACPST ERR01-J. Do not allow exceptions to expose sensitive information
CERT.ERR01.ACW ERR01-J. Do not allow exceptions to expose sensitive information
CERT.ERR01.CETS ERR01-J. Do not allow exceptions to expose sensitive information
CERT.ERR03.REVOBJ ERR03-J. Restore prior object state on method failure
CERT.ERR04.ARCF ERR04-J. Do not complete abruptly from a finally block
CERT.ERR04.ATSF ERR04-J. Do not complete abruptly from a finally block
CERT.ERR05.ARCF ERR05-J. Do not let checked exceptions escape from a finally block
CERT.ERR05.ATSF ERR05-J. Do not let checked exceptions escape from a finally block
CERT.ERR07.NTERR ERR07-J. Do not throw RuntimeException, Exception, or Throwable
CERT.ERR07.NTX ERR07-J. Do not throw RuntimeException, Exception, or Throwable
CERT.ERR08.NCNPE ERR08-J. Do not catch NullPointerException or any of its ancestors
CERT.ERR09.EXIT ERR09-J. Do not allow untrusted code to terminate the JVM
CERT.ERR09.JVM ERR09-J. Do not allow untrusted code to terminate the JVM
CERT.ERR51.NCE ERR51-J. Prefer user-defined exceptions over more general exception types
CERT.ERR54.CLFIN ERR54-J. Use a try-with-resources statement to safely handle closeable resources
CERT.EXP00.AECB EXP00-J. Do not ignore values returned by methods
CERT.EXP00.NASSIG EXP00-J. Do not ignore values returned by methods
CERT.EXP01.NCMD EXP01-J. Do not use a null in a case where an object is required
CERT.EXP01BD.EXCEPT.NP EXP01-J. Do not use a null in a case where an object is required
BD.PB.ZERONUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors
CERT.EXP02.UEIC EXP02-J. Do not use the Object.equals() method to compare two arrays
CERT.EXP03.UEIC EXP03-J. Do not use the equality operators when comparing values of boxed primitives
CERT.EXP05.CID EXP05-J. Do not follow a write by a subsequent write or read of the same object within an expression
CERT.EXP50.UEIC EXP50-J. Do not confuse abstract object equality with reference equality
CERT.EXP51.ASI EXP51-J. Do not perform assignments in conditional expressions
CERT.EXP52.BLK EXP52-J. Use braces for the body of an if, for, or while statement
CERT.EXP53.APAREN EXP53-J. Use parentheses for precedence of operation
CERT.EXP55.COMT EXP55-J. Use the same type for the second and third operands in conditional expressions
CERT.FIO03.ATF FIO03-J. Remove temporary files before termination
CERT.FIO03.REMTMP FIO03-J. Remove temporary files before termination
CERT.FIO04.CCR FIO04-J. Release resources when they are no longer needed
CERT.FIO04.CIO FIO04-J. Release resources when they are no longer needed
CERT.FIO04BD.RES.LEAKS FIO04-J. Release resources when they are no longer needed
BD.RES.LEAKSMSC04-J. Do not leak memory
CERT.FIO05.BUFEXP FIO05-J. Do not expose buffers or their backing arrays methods to untrusted code
CERT.FIO06.MULBUF FIO06-J. Do not create multiple buffered wrappers on a single byte or character stream
CERT.FIO07.EXEC FIO07-J. Do not let external processes block on IO buffers
CERT.FIO08.CRRV FIO08-J. Distinguish between characters or bytes read from a stream and -1
CERT.FIO09.ARGWRITE FIO09-J. Do not rely on the write() method to output integers outside the range 0 to 255
CERT.FIO12.PMRWLED FIO12-J. Provide methods to read and write little-endian data
CERT.FIO13.CONSEN FIO13-J. Do not log sensitive information outside a trust boundary
CERT.FIO13.LHII FIO13-J. Do not log sensitive information outside a trust boundary
CERT.FIO13.PEO FIO13-J. Do not log sensitive information outside a trust boundary
CERT.FIO13BD.SECURITY.SENS FIO13-J. Do not log sensitive information outside a trust boundary
BD.SECURITY.TDRFLSEC02-J. Do not base security checks on untrusted sources
CERT.FIO14.CCR FIO14-J. Perform proper cleanup at program termination
CERT.FIO14.CIO FIO14-J. Perform proper cleanup at program termination
CERT.FIO14.CRWD FIO14-J. Perform proper cleanup at program termination
CERT.FIO16.CDBV FIO16-J. Canonicalize path names before validating them
CERT.IDS00.TDSQL IDS00-J. Prevent SQL injection
CERT.IDS03.TDLOG IDS03-J. Do not log unsanitized user input
CERT.IDS06.VAFS IDS06-J. Exclude unsanitized user input from format strings
CERT.IDS07.EXEC IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
CERT.IDS11.VPPD IDS11-J. Perform any string modifications before validation
CERT.IDS16BD.SECURITY.TDXML IDS16-J. Prevent XML Injection
CERT.IDS51.TDRESP IDS51-J. Properly encode or escape output
CERT.IDS51.TDXSS IDS51-J. Properly encode or escape output
CERT.IDS52.TDCODE IDS52-J. Prevent code injection
CERT.IDS53.TDJXPATH IDS53-J. Prevent XPath Injection
CERT.IDS53.TDXPATH IDS53-J. Prevent XPath Injection
CERT.IDS54.TDLDAP IDS54-J. Prevent LDAP injection
CERT.JNI00.NATIW JNI00-J. Define wrappers around native methods
CERT.LCK00.SOPF LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code
CERT.LCK01.SCS LCK01-J. Do not synchronize on objects that may be reused
CERT.LCK02.SGC LCK02-J. Do not synchronize on the class object returned by getClass()
CERT.LCK04.SOBC LCK04-J. Do not synchronize on a collection view if the backing collection is accessible
CERT.LCK05.IASF LCK05-J. Synchronize access to static fields that can be modified by untrusted code
CERT.LCK06.INSTLOCK LCK06-J. Do not use an instance lock to protect shared static data
CERT.LCK07.LORD LCK07-J. Avoid deadlock by requesting and releasing locks in the same order
CERT.LCK08BD.TRS.LOCK LCK08-J. Ensure actively held locks are released on exceptional conditions
BSANUM00-J. Detect or prevent integer overflow
CACO}NUM00-J. Detect or prevent integer overflow
CERT.LCK08.RLF LCK08-J. Ensure actively held locks are released on exceptional conditions
CERT.LCK09.TSHL LCK09-J. Do not perform operations that can block while holding a lock
CERT.LCK09.TSHL2 LCK09-J. Do not perform operations that can block while holding a lock
CERT.LCK10.DCL LCK10-J. Use a correct form of the double-checked locking idiom
CERT.MET02.DPRAPI MET02-J. Do not use deprecated or obsolete classes or methods
CERT.MET02.THRD MET02-J. Do not use deprecated or obsolete classes or methods
CERT.MET04.OPM MET04CODSTA.BP.ARMSEC05-J. Do not use reflection to increase the accessibility of classes, methods, or fieldsCODSTA.BP.EXIToverridden or hidden methods
CERT.MET06.CLONE MET06ERR09-J. Do not allow untrusted code to terminate the JVM
CODSTA.EPC.AGBPTOBJ03-J. Prevent heap pollution
invoke overridable methods in clone()
CERT.MET07.AHSM MET07-J. Never declare a class method that hides a method declared in a superclass or superinterface
CERT.MET08.EQREFL MET08-J. Preserve the equality contract when overriding the equals() method
CERT.MET09CODSTA.OIM.OVERRIDE MET09-J. Classes that define an equals() method must also define a hashCode() method
CODSTD CERT.BPMET11.NTXIKICO ERR07 MET11-J. Do not throw RuntimeException, Exception, or Throwable
CTLC}STR02-J. Specify an appropriate locale when comparing locale-dependent data
Ensure that keys used in comparison operations are immutable
CERT.MET12.EF MET12-J. Do not use finalizers
CERT.MET12.FCF EJB.MNDF MET12-J. Do not use finalizers
EXCEPT CERT.MET12.ENFCFCSF OBJ11 MET12-J. Be wary of letting constructors throw exceptionsDo not use finalizers
CERT.MET12.FM MET12EXCEPT.NCNPEERR08-J. Do not catch NullPointerException or any of its ancestorsuse finalizers
CERT.MET12.IFF MET12EXCEPT.NTERRERR07-J. Do not throw RuntimeException, Exception, or Throwableuse finalizers
CERT.MET12.MFP GC.FCF MET12-J. Do not use finalizers
GC CERT.MET12.FMMNDF MET12-J. Do not use finalizers
GC CERT.MET12.IFFNCF MET12-J. Do not use finalizers
GC CERT.MET12.NCFOF MET12-J. Do not use finalizers
GLOBAL CERT.MET50.ACDOVERLOAD DCL00 MET50-J. Prevent class initialization cyclesAvoid ambiguous or confusing uses of overloading
CERT.MET52.CIFC MET52HIBERNATE.LHIIFIO13-J. Do not log sensitive information outside a trust boundary
INTER.COSSTR00-J. Don't form strings containing partial characters from variable-width encodings
INTER.{CCLSTR02-J. Specify an appropriate locale when comparing locale-dependent data
OOP.AHSMMET07-J. Never declare a class method that hides a method declared in a superclass or superinterface
OOP.MUCOPOBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
OOP.MUCOPOBJ05-J. Do not return references to private mutable class members
OOP.MUCOPOBJ06-J. Defensively copy mutable inputs and mutable internal components
OOP.OPMMET04-J. Do not increase the accessibility of overridden or hidden methods
OPT.CCRFIO04-J. Release resources when they are no longer needed
OPT.CCRFIO14-J. Perform proper cleanup at program termination
OPT.CIOFIO04-J. Release resources when they are no longer needed
OPT.CIOFIO14-J. Perform proper cleanup at program termination
OPT.CRWDFIO14-J. Perform proper cleanup at program termination
PB-NUM-FPLINUM09-J. Do not use floating-point variables as loop counters
PB-RE-NMCDEXP01-J. Do not use a null in a case where an object is required
PB.API.DPRAPIMET02-J. Do not use deprecated or obsolete classes or methods
PB.API.OFMET12-J. Do not use finalizers
PB.API.VAFSIDS06-J. Exclude unsanitized user input from format strings
PB.CUB.ARCFERR04-J. Do not complete abruptly from a finally block
PB.CUB.ARCFERR05-J. Do not let checked exceptions escape from a finally block
PB.CUB.ATSFERR04-J. Do not complete abruptly from a finally block
PB.CUB.ATSFERR05-J. Do not let checked exceptions escape from a finally block
PB.CUB.UEICEXP02-J. Do not use the Object.equals() method to compare two arrays
PB.CUB.UEICEXP03-J. Do not use the equality operators when comparing values of boxed primitives
PB.LOGIC.CRRVFIO08-J. Distinguish between characters or bytes read from a stream and -1
PB.NUM.AICNUM13-J. Avoid loss of precision when converting primitive integers to floating-point
PB.NUM.BBDCCNUM10-J. Do not construct BigDecimal objects from floating-point literals
PB.NUM.CLPNUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
PB.NUM.NANNUM07-J. Do not attempt comparisons with NaN
use the clone() method to copy untrusted method parameters
CERT.MET53.SCLONE MET53-J. Ensure that the clone() method calls super.clone()
CERT.MSC01.EB MSC01-J. Do not use an empty infinite loop
CERT.MSC03.AHCA MSC03-J. Never hard code sensitive information
CERT.MSC03.HCCK MSC03-J. Never hard code sensitive information
CERT.MSC03.HCCS MSC03-J. Never hard code sensitive information
CERT.MSC04.LEAKS MSC04-J. Do not leak memory
CERT.MSC06.ITMOD MSC06-J. Do not modify the underlying collection when an iteration is in progress
CERT.MSC07.ILI MSC07-J. Prevent multiple instantiations of singleton objects
CERT.MSC52.SBC MSC52-J. Finish every set of statements associated with a case label with a break statement
CERT.MSC56.CC MSC56-J. Detect and remove superfluous code and values
CERT.MSC56.SWITCH MSC56-J. Detect and remove superfluous code and values
CERT.MSC56.VOVR MSC56-J. Detect and remove superfluous code and values
CERT.MSC57.PDCL MSC57-J. Strive for logical completeness
CERT.MSC57.PDS MSC57-J. Strive for logical completeness
CERT.MSC60.ASSERT MSC60-J. Do not use assertions to verify the absence of runtime errors
CERT.MSC61.AISSAJAVA MSC61-J. Do not use insecure or weak cryptographic algorithms
CERT.MSC61.AISSAXML MSC61-J. Do not use insecure or weak cryptographic algorithms
CERT.MSC61.CKTS MSC61-J. Do not use insecure or weak cryptographic algorithms
CERT.MSC61.HCCK MSC61-J. Do not use insecure or weak cryptographic algorithms
CERT.MSC61.ICA MSC61-J. Do not use insecure or weak cryptographic algorithms
CERT.MSC62.PCCF MSC62-J. Store passwords using a hash function
CERT.MSC62.PLAIN MSC62-J. Store passwords using a hash function
CERT.MSC62.PTPT MSC62-J. Store passwords using a hash function
CERT.MSC62.PWDPROP MSC62-J. Store passwords using a hash function
CERT.MSC62.PWDXML MSC62-J. Store passwords using a hash function
CERT.MSC62.UTAX MSC62-J. Store passwords using a hash function
CERT.MSC62.WCPWD MSC62-J. Store passwords using a hash function
CERT.MSC62.WPWD MSC62-J. Store passwords using a hash function
CERT.NUM00.BSA NUM00-J. Detect or prevent integer overflow
CERT.NUM00.CACO NUM00-J. Detect or prevent integer overflow
CERT.NUM00.ICO NUM00-J. Detect or prevent integer overflow
CERT.NUM01.BADSHIFT NUM01-J. Do not perform bitwise and arithmetic operations on the same data
CERT.NUM01.NCBAV NUM01-J. Do not perform bitwise and arithmetic operations on the same data
CERT.NUM02.ZERO NUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors
CERT.NUM04PB.NUM.UBD NUM04-J. Do not use floating-point numbers if precise computation is required
PB.NUM.{ICONUM00-J. Detect or prevent integer overflow
CERT.NUM07.NAN NUM07-J. Do not attempt comparisons with NaN
CERT.NUM08.FPEXC NUM08-J. Check floating-point inputs for exceptional values
CERT.NUM09.FPLI NUM09PB.TYPO.EBMSC01-J. Do not use an empty infinite loopfloating-point variables as loop counters
CERT.NUM10.BBDCC NUM10PB.USC.NASSIGEXP00-J. Do not ignore values returned by methods
PORT.ENVENV02-J. Do not trust the values of environment variables
PORT.EXECIDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
PORT.EXECFIO07-J. Do not let external processes block on IO buffers
SECURITY.EAB.CMPOBJ09-J. Compare classes and not class names
construct BigDecimal objects from floating-point literals
CERT.NUM12.CLP NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
CERT.NUM13.AIC NUM13-J. Avoid loss of precision when converting primitive integers to floating-point
CERT.NUM50.IDCD NUM50-J. Convert integers to floating point for floating-point operations
CERT.OBJ03.AGBPT OBJ03-J. Prevent heap pollution
CERT.OBJ04.CLONE SECURITY.EAB.CPCL OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY CERT.EABOBJ04.CPCL OBJ05 OBJ04-J. Do not return references to private mutable class members
SECURITY.EAB.CPCLOBJ06-J. Defensively copy mutable inputs and mutable internal components
SECURITY.EAB.JVMERR09-J. Do not allow untrusted code to terminate the JVM
Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
CERT.OBJ04.MPT OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
CERT.OBJ04.MUCOP OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
CERT.OBJ04.SMO SECURITY.EAB.MPT OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY CERT.EABOBJ05.MPTCPCL OBJ05-J. Do not return references to private mutable class members
SECURITY CERT.EABOBJ05.MPT OBJ06 OBJ05-J. Defensively copy mutable inputs and mutable internal components
SECURITY.EAB.SMOOBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
Do not return references to private mutable class members
CERT.OBJ05.MUCOP OBJ05-J. Do not return references to private mutable class members
CERT.OBJ05SECURITY.EAB.SMO OBJ05-J. Do not return references to private mutable class members
CERT.OBJ06..MPT OBJ06-J. Defensively copy mutable inputs and mutable internal components
CERT.OBJ06.CPCL OBJ06-J. Defensively copy mutable inputs and mutable internal components
CERT.OBJ06.MUCOP OBJ06-J. Defensively copy mutable inputs and mutable internal components
CERT.OBJ06SECURITY.EAB.SMO OBJ06-J. Defensively copy mutable inputs and mutable internal components
CERT.OBJ07.MCNC OBJ07-J. Sensitive classes must not let themselves be copied
CERT.OBJ08.INNER OBJ08-J. Do not expose private members of an outer class from within a nested class
CERT.OBJ09.CMP OBJ09-J. Compare classes and not class names
CERT.OBJ10.RMO SECURITY.EAB.SPFF OBJ10-J. Do not use public static nonfinal fields
SECURITY CERT.ESDOBJ10.ACWSPFF ERR01 OBJ10-J. Do not allow exceptions to expose sensitive information
SECURITY.ESD.CONSENFIO13-J. Do not log sensitive information outside a trust boundary
SECURITY.ESD.PEOFIO13-J. Do not log sensitive information outside a trust boundary
SECURITY.ESD.SIFSER03-J. Do not serialize unencrypted sensitive data
SECURITY.IBA.ATFFIO03-J. Remove temporary files before termination
SECURITY.IBA.NATIWJNI00-J. Define wrappers around native methods
SECURITY.IBA.VPPDIDS17-J. Prevent XML External Entity Attacks
SECURITY.UEHL.LGEERR00-J. Do not suppress or ignore checked exceptions
SECURITY.WSC.ACPSTERR01-J. Do not allow exceptions to expose sensitive information
SECURITY.WSC.AHCAMSC03-J. Never hard code sensitive information
SECURITY.WSC.CLONEOBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY.WSC.HCCKMSC03-J. Never hard code sensitive information
SECURITY.WSC.HCCSMSC03-J. Never hard code sensitive information
SECURITY.WSC.MCNCOBJ07-J. Sensitive classes must not let themselves be copied
SECURITY.WSC.SCFSEC04-J. Protect sensitive operations with security manager checks
use public static nonfinal fields
CERT.OBJ11.EPNFC OBJ11-J. Be wary of letting constructors throw exceptions
CERT.OBJ13.RMO OBJ13-J. Ensure that references to mutable objects are not exposed
CERT.OBJ51.DPAC OBJ51-J. Minimize the accessibility of classes and their members
CERT.OBJ51.DPAF OBJ51-J. Minimize the accessibility of classes and their members
CERT.OBJ51.DPAM OBJ51-J. Minimize the accessibility of classes and their members
CERT.OBJ51.DPPC OBJ51-J. Minimize the accessibility of classes and their members
CERT.OBJ51.DPPF OBJ51-J. Minimize the accessibility of classes and their members
CERT.OBJ51.DPPM OBJ51-J. Minimize the accessibility of classes and their members
CERT.SEC01.PRIVIL SEC01-J. Do not allow tainted variables in privileged blocks
CERT.SEC02.TDRFL SEC02-J. Do not base security checks on untrusted sources
CERT.SEC03.ACL SEC03-J. Do not load trusted classes after allowing untrusted code to load arbitrary classes
CERT.SEC04.SCF SEC04-J. Protect sensitive operations with security manager checks
CERT.SEC05.ARM SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields
CERT.SEC51.PCL SEC51-J. Minimize privileged code
CERT.SER00.DUID SER00-J. Enable serialization compatibility during class evolution
CERT.SER01.ROWO SER01-J. Do not deviate from the proper signatures of serialization methods
CERT.SER03.SIF SER03-J. Do not serialize unencrypted sensitive data
CERT.SER04SECURITY.WSC.SCSER SER04-J. Do not allow serialization and deserialization to bypass the security manager
SECURITY CERT.WSCSER07.SRDRRSC MSC02 SER07-J. Generate strong random numbers
SECURITY.WSC.USCMSC00-J. Use SSLSocket rather than Socket for secure data exchange
Do not use the default serialized form for classes with implementation-defined invariants
CERT.SER09.VREADOBJ SER09-J. Do not invoke overridable methods from the readObject() method
CERT.SER11SERIAL.IRX SER11-J. Prevent overwriting of externalizable objects
SERIAL.ROWOSER01-J. Do not deviate from the proper signatures of serialization methods
SERIAL.RRSCSER07-J. Do not use the default serialized form for classes with implementation-defined invariants
SERVLET.CETSERR01-J. Do not allow exceptions to expose sensitive information
CERT.SER12.VOBD SER12-J. Prevent deserialization of untrusted data
CERT.STR00.COS STR00-J. Don't form strings containing partial characters from variable-width encodings
CERT.STR01.NCUCP STR01-J. Do not assume that a Java char fully represents a Unicode code point
CERT.STR02.CCL STR02-J. Specify an appropriate locale when comparing locale-dependent data
CERT.STR02.CTLC STR02-J. Specify an appropriate locale when comparing locale-dependent data
CERT.THI00.IRUN THI00-J. Do not invoke Thread.run()
CERT.THI01.AUTG THI01-J. Do not invoke ThreadGroup methods
CERT.THI02TRS.ANF THI02-J. Notify all waiting threads rather than a single thread
TRS CERT.THI03.AUTGUWIL THI01 THI03-J. Do not invoke ThreadGroup methodsAlways invoke wait() and await() methods inside a loop
CERT.THI05.THRD THI05TRS.CSTARTTSM02-J. Do not use background threads during class initializationThread.stop() to terminate threads
CERT.TPS00.ISTART TPS00-J. Use thread pools to enable graceful degradation of service during traffic bursts
CERT.TSM00.OSNS TSM00-J. Do not override thread-safe methods with methods that are not thread-safe
CERT.TSM01TRS.CTRE TSM01-J. Do not let the this reference escape during object construction
TRS.DCLLCK10-J. Use a correct form of the double-checked locking idiom
TRS.IASFLCK05-J. Synchronize access to static fields that can be modified by untrusted code
TRS.IRUNTHI00-J. Do not invoke Thread.run()
CERT.TSM02.CSTART TSM02-J. Do not use background threads during class initialization
CERT.VNA00TRS.LORD VNA00-J. Ensure visibility when accessing shared primitive variables
TRS.LORDLCK07-J. Avoid deadlock by requesting and releasing locks in the same order
TRS CERT.VNA00.MRAV VNA00-J. Ensure visibility when accessing shared primitive variables
TRS CERT.VNA02.MRAV VNA02-J. Ensure that compound operations on shared variables are atomic
TRS.MRAVVNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
TRS.RLFLCK08-J. Ensure actively held locks are released on exceptional conditions
TRS.SCSLCK01-J. Do not synchronize on objects that may be reused
TRS.SOPFLCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code
TRS CERT.VNA02.SSUG VNA02-J. Ensure that compound operations on shared variables are atomic
TRS CERT.VNA03.SSUGMRAV VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
TRS.THRDMET02-J. Do not use deprecated or obsolete classes or methods
CERT.VNA03.SSUG VNA03TRS.THRDTHI05-J. Do not use Thread.stop() to terminate threads
TRS.UWILTHI03-J. Always invoke wait() and await() methods inside a loop
UC.EFMET12-J. Do not use finalizers
UC.FCSFMET12-J. Do not use finalizers
assume that a group of calls to independently atomic methods is atomic
CRT.MSC02.SRD MSC02-J. Generate strong random numbers
SECURITY.WSC.USC MSC00-J. Use SSLSocket rather than Socket for secure data exchange UC.UCATCHERR00-J. Do not suppress or ignore checked exceptions