SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 98

changes.mady.by.user Sandy Shrum

Saved on

compared with

New Version Current

changes.mady.by.user Michal Rozenau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft Jtest 2022.2

...

This guideline is a specific instance of IDS00-J. Prevent SQL Injectioninjection.

Noncompliant Code Example

...

Failure to prevent code injection can result in the execution of arbitrary code.

Automated Detection

ToolVersionCheckerDescription
The Checker Framework

Include Page
The Checker Framework_V
The Checker Framework_V

Tainting CheckerTrust and security errors (see Chapter 8)
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CERT.IDS52.TDCODEValidate potentially tainted data before it is used in methods that generate code

Bibliography

[API 2013]Package javax.script
[OWASP 2013]Code Injection in Java

...


...

Image Modified Image Modified Image Modified