Checker | Guideline |
---|---|
CERT.DCL00.ACD | DCL00-J. Prevent class initialization cycles |
CERT.DCL02.ITMOD | DCL02-J. Do not modify the collection's elements during an enhanced for statement |
CERT.DCL51.HMF | DCL51-J. Do not shadow or obscure identifiers in subscopes |
CERT.DCL52.MVOS | DCL52-J. Do not declare more than one variable per declaration |
CERT.DCL57.OVAM | DCL57-J. Avoid ambiguous overloading of variable arity methods |
CERT.DCL60.ACD | DCL60-J. Avoid cyclic dependencies between packages |
CERT.ENV02.ENV | ENV02-J. Do not trust the values of environment variables |
CERT.ERR00.LGE | ERR00-J. Do not suppress or ignore checked exceptions |
CERT.ERR00.UCATCH | ERR00-J. Do not suppress or ignore checked exceptions |
CERT.ERR01.ACPST | ERR01-J. Do not allow exceptions to expose sensitive information |
CERT.ERR01.ACW | ERR01-J. Do not allow exceptions to expose sensitive information |
CERT.ERR01.CETS | ERR01-J. Do not allow exceptions to expose sensitive information |
CERT.ERR03.REVOBJ | ERR03-J. Restore prior object state on method failure |
CERT.ERR04.ARCF | ERR04-J. Do not complete abruptly from a finally block |
CERT.ERR04.ATSF | ERR04-J. Do not complete abruptly from a finally block |
CERT.ERR05.ARCF | ERR05-J. Do not let checked exceptions escape from a finally block |
CERT.ERR05.ATSF | ERR05-J. Do not let checked exceptions escape from a finally block |
CERT.ERR07.NTERR | ERR07-J. Do not throw RuntimeException, Exception, or Throwable |
CERT.ERR07.NTX | ERR07-J. Do not throw RuntimeException, Exception, or Throwable |
CERT.ERR08.NCNPE | ERR08-J. Do not catch NullPointerException or any of its ancestors |
CERT.ERR09.EXIT | ERR09-J. Do not allow untrusted code to terminate the JVM |
CERT.ERR09.JVM | ERR09-J. Do not allow untrusted code to terminate the JVM |
CERT.ERR51.NCE | ERR51-J. Prefer user-defined exceptions over more general exception types |
CERT.ERR54.CLFIN | ERR54-J. Use a try-with-resources statement to safely handle closeable resources |
CERT.EXP00.AECB | EXP00-J. Do not ignore values returned by methods |
CERT.EXP00.NASSIG | EXP00-J. Do not ignore values returned by methods |
CERT.EXP01.NCMD | EXP01-J. Do not use a null in a case where an object is required |
CERT.EXP01.NP | EXP01-J. Do not use a null in a case where an object is required |
CERT.EXP02.UEIC | EXP02-J. Do not use the Object.equals() method to compare two arrays |
CERT.EXP03.UEIC | EXP03-J. Do not use the equality operators when comparing values of boxed primitives |
CERT.EXP05.CID | EXP05-J. Do not follow a write by a subsequent write or read of the same object within an expression |
CERT.EXP50.UEIC | EXP50-J. Do not confuse abstract object equality with reference equality |
CERT.EXP51.ASI | EXP51-J. Do not perform assignments in conditional expressions |
CERT.EXP52.BLK | EXP52-J. Use braces for the body of an if, for, or while statement |
CERT.EXP53.APAREN | EXP53-J. Use parentheses for precedence of operation |
CERT.EXP55.COMT | EXP55-J. Use the same type for the second and third operands in conditional expressions |
CERT.FIO03.ATF | FIO03-J. Remove temporary files before termination |
CERT.FIO03.REMTMP | FIO03-J. Remove temporary files before termination |
CERT.FIO04.CCR | FIO04-J. Release resources when they are no longer needed |
CERT.FIO04.CIO | FIO04-J. Release resources when they are no longer needed |
CERT.FIO04.LEAKS | FIO04-J. Release resources when they are no longer needed |
CERT.FIO05.BUFEXP | FIO05-J. Do not expose buffers or their backing arrays methods to untrusted code |
CERT.FIO06.MULBUF | FIO06-J. Do not create multiple buffered wrappers on a single byte or character stream |
CERT.FIO07.EXEC | FIO07-J. Do not let external processes block on IO buffers |
CERT.FIO08.CRRV | FIO08-J. Distinguish between characters or bytes read from a stream and -1 |
CERT.FIO09.ARGWRITE | FIO09-J. Do not rely on the write() method to output integers outside the range 0 to 255 |
CERT.FIO12.PMRWLED | FIO12-J. Provide methods to read and write little-endian data |
CERT.FIO13.CONSEN | FIO13-J. Do not log sensitive information outside a trust boundary |
CERT.FIO13.LHII | FIO13-J. Do not log sensitive information outside a trust boundary |
CERT.FIO13.PEO | FIO13-J. Do not log sensitive information outside a trust boundary |
CERT.FIO13.SENS | FIO13-J. Do not log sensitive information outside a trust boundary |
CERT.FIO14.CCR | FIO14-J. Perform proper cleanup at program termination |
CERT.FIO14.CIO | FIO14-J. Perform proper cleanup at program termination |
CERT.FIO14.CRWD | FIO14-J. Perform proper cleanup at program termination |
CERT.FIO16.CDBV | FIO16-J. Canonicalize path names before validating them |
CERT.IDS00.TDSQL | IDS00-J. Prevent SQL injection |
CERT.IDS03.TDLOG | IDS03-J. Do not log unsanitized user input |
CERT.IDS06.VAFS | IDS06-J. Exclude unsanitized user input from format strings |
CERT.IDS07.EXEC | IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method |
CERT.IDS11.VPPD | IDS11-J. Perform any string modifications before validation |
CERT.IDS16.TDXML | IDS16-J. Prevent XML Injection |
CERT.IDS51.TDRESP | IDS51-J. Properly encode or escape output |
CERT.IDS51.TDXSS | IDS51-J. Properly encode or escape output |
CERT.IDS52.TDCODE | IDS52-J. Prevent code injection |
CERT.IDS53.TDJXPATH | IDS53-J. Prevent XPath Injection |
CERT.IDS53.TDXPATH | IDS53-J. Prevent XPath Injection |
CERT.IDS54.TDLDAP | IDS54-J. Prevent LDAP injection |
CERT.JNI00.NATIW | JNI00-J. Define wrappers around native methods |
CERT.LCK00.SOPF | LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code |
CERT.LCK01.SCS | LCK01-J. Do not synchronize on objects that may be reused |
CERT.LCK02.SGC | LCK02-J. Do not synchronize on the class object returned by getClass() |
CERT.LCK04.SOBC | LCK04-J. Do not synchronize on a collection view if the backing collection is accessible |
CERT.LCK05.IASF | LCK05-J. Synchronize access to static fields that can be modified by untrusted code |
CERT.LCK06.INSTLOCK | LCK06-J. Do not use an instance lock to protect shared static data |
CERT.LCK07.LORD | LCK07-J. Avoid deadlock by requesting and releasing locks in the same order |
CERT.LCK08.LOCK | LCK08-J. Ensure actively held locks are released on exceptional conditions |
CERT.LCK08.RLF | LCK08-J. Ensure actively held locks are released on exceptional conditions |
CERT.LCK09.TSHL | LCK09-J. Do not perform operations that can block while holding a lock |
CERT.LCK09.TSHL2 | LCK09-J. Do not perform operations that can block while holding a lock |
CERT.LCK10.DCL | LCK10-J. Use a correct form of the double-checked locking idiom |
CERT.MET02.DPRAPI | MET02-J. Do not use deprecated or obsolete classes or methods |
CERT.MET02.THRD | MET02-J. Do not use deprecated or obsolete classes or methods |
CERT.MET04.OPM | MET04-J. Do not increase the accessibility of overridden or hidden methods |
CERT.MET06.CLONE | MET06-J. Do not invoke overridable methods in clone() |
CERT.MET07.AHSM | MET07-J. Never declare a class method that hides a method declared in a superclass or superinterface |
CERT.MET08.EQREFL | MET08-J. Preserve the equality contract when overriding the equals() method |
CERT.MET09.OVERRIDE | MET09-J. Classes that define an equals() method must also define a hashCode() method |
CERT.MET11.IKICO | MET11-J. Ensure that keys used in comparison operations are immutable |
CERT.MET12.EF | MET12-J. Do not use finalizers |
CERT.MET12.FCF | MET12-J. Do not use finalizers |
CERT.MET12.FCSF | MET12-J. Do not use finalizers |
CERT.MET12.FM | MET12-J. Do not use finalizers |
CERT.MET12.IFF | MET12-J. Do not use finalizers |
CERT.MET12.MFP | MET12-J. Do not use finalizers |
CERT.MET12.MNDF | MET12-J. Do not use finalizers |
CERT.MET12.NCF | MET12-J. Do not use finalizers |
CERT.MET12.OF | MET12-J. Do not use finalizers |
CERT.MET50.OVERLOAD | MET50-J. Avoid ambiguous or confusing uses of overloading |
CERT.MET52.CIFC | MET52-J. Do not use the clone() method to copy untrusted method parameters |
CERT.MET53.SCLONE | MET53-J. Ensure that the clone() method calls super.clone() |
CERT.MSC01.EB | MSC01-J. Do not use an empty infinite loop |
CERT.MSC03.AHCA | MSC03-J. Never hard code sensitive information |
CERT.MSC03.HCCK | MSC03-J. Never hard code sensitive information |
CERT.MSC03.HCCS | MSC03-J. Never hard code sensitive information |
CERT.MSC04.LEAKS | MSC04-J. Do not leak memory |
CERT.MSC06.ITMOD | MSC06-J. Do not modify the underlying collection when an iteration is in progress |
CERT.MSC07.ILI | MSC07-J. Prevent multiple instantiations of singleton objects |
CERT.MSC52.SBC | MSC52-J. Finish every set of statements associated with a case label with a break statement |
CERT.MSC56.CC | MSC56-J. Detect and remove superfluous code and values |
CERT.MSC56.SWITCH | MSC56-J. Detect and remove superfluous code and values |
CERT.MSC56.VOVR | MSC56-J. Detect and remove superfluous code and values |
CERT.MSC57.PDCL | MSC57-J. Strive for logical completeness |
CERT.MSC57.PDS | MSC57-J. Strive for logical completeness |
CERT.MSC60.ASSERT | MSC60-J. Do not use assertions to verify the absence of runtime errors |
CERT.MSC61.AISSAJAVA | MSC61-J. Do not use insecure or weak cryptographic algorithms |
CERT.MSC61.AISSAXML | MSC61-J. Do not use insecure or weak cryptographic algorithms |
CERT.MSC61.CKTS | MSC61-J. Do not use insecure or weak cryptographic algorithms |
CERT.MSC61.HCCK | MSC61-J. Do not use insecure or weak cryptographic algorithms |
CERT.MSC61.ICA | MSC61-J. Do not use insecure or weak cryptographic algorithms |
CERT.MSC62.PCCF | MSC62-J. Store passwords using a hash function |
CERT.MSC62.PLAIN | MSC62-J. Store passwords using a hash function |
CERT.MSC62.PTPT | MSC62-J. Store passwords using a hash function |
CERT.MSC62.PWDPROP | MSC62-J. Store passwords using a hash function |
CERT.MSC62.PWDXML | MSC62-J. Store passwords using a hash function |
CERT.MSC62.UTAX | MSC62-J. Store passwords using a hash function |
CERT.MSC62.WCPWD | MSC62-J. Store passwords using a hash function |
CERT.MSC62.WPWD | MSC62-J. Store passwords using a hash function |
CERT.NUM00.BSA | NUM00-J. Detect or prevent integer overflow |
CERT.NUM00.CACO | NUM00-J. Detect or prevent integer overflow |
CERT.NUM00.ICO | NUM00-J. Detect or prevent integer overflow |
CERT.NUM01.BADSHIFT | NUM01-J. Do not perform bitwise and arithmetic operations on the same data |
CERT.NUM01.NCBAV | NUM01-J. Do not perform bitwise and arithmetic operations on the same data |
CERT.NUM02.ZERO | NUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors |
CERT.NUM04.UBD | NUM04-J. Do not use floating-point numbers if precise computation is required |
CERT.NUM07.NAN | NUM07-J. Do not attempt comparisons with NaN |
CERT.NUM08.FPEXC | NUM08-J. Check floating-point inputs for exceptional values |
CERT.NUM09.FPLI | NUM09-J. Do not use floating-point variables as loop counters |
CERT.NUM10.BBDCC | NUM10-J. Do not construct BigDecimal objects from floating-point literals |
CERT.NUM12.CLP | NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data |
CERT.NUM13.AIC | NUM13-J. Avoid loss of precision when converting primitive integers to floating-point |
CERT.NUM50.IDCD | NUM50-J. Convert integers to floating point for floating-point operations |
CERT.OBJ03.AGBPT | OBJ03-J. Prevent heap pollution |
CERT.OBJ04.CLONE | OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code |
CERT.OBJ04.CPCL | OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code |
CERT.OBJ04.MPT | OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code |
CERT.OBJ04.MUCOP | OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code |
CERT.OBJ04.SMO | OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code |
CERT.OBJ05.CPCL | OBJ05-J. Do not return references to private mutable class members |
CERT.OBJ05.MPT | OBJ05-J. Do not return references to private mutable class members |
CERT.OBJ05.MUCOP | OBJ05-J. Do not return references to private mutable class members |
CERT.OBJ05.SMO | OBJ05-J. Do not return references to private mutable class members |
CERT.OBJ06.MPT | OBJ06-J. Defensively copy mutable inputs and mutable internal components |
CERT.OBJ06.CPCL | OBJ06-J. Defensively copy mutable inputs and mutable internal components |
CERT.OBJ06.MUCOP | OBJ06-J. Defensively copy mutable inputs and mutable internal components |
CERT.OBJ06.SMO | OBJ06-J. Defensively copy mutable inputs and mutable internal components |
CERT.OBJ07.MCNC | OBJ07-J. Sensitive classes must not let themselves be copied |
CERT.OBJ08.INNER | OBJ08-J. Do not expose private members of an outer class from within a nested class |
CERT.OBJ09.CMP | OBJ09-J. Compare classes and not class names |
CERT.OBJ10.RMO | OBJ10-J. Do not use public static nonfinal fields |
CERT.OBJ10.SPFF | OBJ10-J. Do not use public static nonfinal fields |
CERT.OBJ11.EPNFC | OBJ11-J. Be wary of letting constructors throw exceptions |
CERT.OBJ13.RMO | OBJ13-J. Ensure that references to mutable objects are not exposed |
CERT.OBJ51.DPAC | OBJ51-J. Minimize the accessibility of classes and their members |
CERT.OBJ51.DPAF | OBJ51-J. Minimize the accessibility of classes and their members |
CERT.OBJ51.DPAM | OBJ51-J. Minimize the accessibility of classes and their members |
CERT.OBJ51.DPPC | OBJ51-J. Minimize the accessibility of classes and their members |
CERT.OBJ51.DPPF | OBJ51-J. Minimize the accessibility of classes and their members |
CERT.OBJ51.DPPM | OBJ51-J. Minimize the accessibility of classes and their members |
CERT.SEC01.PRIVIL | SEC01-J. Do not allow tainted variables in privileged blocks |
CERT.SEC02.TDRFL | SEC02-J. Do not base security checks on untrusted sources |
CERT.SEC03.ACL | SEC03-J. Do not load trusted classes after allowing untrusted code to load arbitrary classes |
CERT.SEC04.SCF | SEC04-J. Protect sensitive operations with security manager checks |
CERT.SEC05.ARM | SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields |
CERT.SEC51.PCL | SEC51-J. Minimize privileged code |
CERT.SER00.DUID | SER00-J. Enable serialization compatibility during class evolution |
CERT.SER01.ROWO | SER01-J. Do not deviate from the proper signatures of serialization methods |
CERT.SER03.SIF | SER03-J. Do not serialize unencrypted sensitive data |
CERT.SER04.SCSER | SER04-J. Do not allow serialization and deserialization to bypass the security manager |
CERT.SER07.RRSC | SER07-J. Do not use the default serialized form for classes with implementation-defined invariants |
CERT.SER09.VREADOBJ | SER09-J. Do not invoke overridable methods from the readObject() method |
CERT.SER11.IRX | SER11-J. Prevent overwriting of externalizable objects |
CERT.SER12.VOBD | SER12-J. Prevent deserialization of untrusted data |
CERT.STR00.COS | STR00-J. Don't form strings containing partial characters from variable-width encodings |
CERT.STR01.NCUCP | STR01-J. Do not assume that a Java char fully represents a Unicode code point |
CERT.STR02.CCL | STR02-J. Specify an appropriate locale when comparing locale-dependent data |
CERT.STR02.CTLC | STR02-J. Specify an appropriate locale when comparing locale-dependent data |
CERT.THI00.IRUN | THI00-J. Do not invoke Thread.run() |
CERT.THI01.AUTG | THI01-J. Do not invoke ThreadGroup methods |
CERT.THI02.ANF | THI02-J. Notify all waiting threads rather than a single thread |
CERT.THI03.UWIL | THI03-J. Always invoke wait() and await() methods inside a loop |
CERT.THI05.THRD | THI05-J. Do not use Thread.stop() to terminate threads |
CERT.TPS00.ISTART | TPS00-J. Use thread pools to enable graceful degradation of service during traffic bursts |
CERT.TSM00.OSNS | TSM00-J. Do not override thread-safe methods with methods that are not thread-safe |
CERT.TSM01.CTRE | TSM01-J. Do not let the this reference escape during object construction |
CERT.TSM02.CSTART | TSM02-J. Do not use background threads during class initialization |
CERT.VNA00.LORD | VNA00-J. Ensure visibility when accessing shared primitive variables |
CERT.VNA00.MRAV | VNA00-J. Ensure visibility when accessing shared primitive variables |
CERT.VNA02.MRAV | VNA02-J. Ensure that compound operations on shared variables are atomic |
CERT.VNA02.SSUG | VNA02-J. Ensure that compound operations on shared variables are atomic |
CERT.VNA03.MRAV | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
CERT.VNA03.SSUG | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic |
CRT.MSC02.SRD | MSC02-J. Generate strong random numbers |
SECURITY.WSC.USC | MSC00-J. Use SSLSocket rather than Socket for secure data exchange |