Page Information
Title: Parasoft_V
Author: Will Snavely (Nov 06, 2015)
Last Changed by: Michal Rozenau (Jun 24, 2024)
Tiny Link (useful for email): https://wiki.sei.cmu.edu/confluence/x/zTVGBQ
Incoming Links
SEI CERT Oracle Coding Standard for Java (134)
Page: IDS54-J. Prevent LDAP injection
Page: LCK05-J. Synchronize access to static fields that can be modified by untrusted code
Page: MSC62-J. Store passwords using a hash function
Page: ERR01-J. Do not allow exceptions to expose sensitive information
Page: DCL00-J. Prevent class initialization cycles
Page: ENV02-J. Do not trust the values of environment variables
Page: MSC57-J. Strive for logical completeness
Page: SEC02-J. Do not base security checks on untrusted sources
Page: DCL57-J. Avoid ambiguous overloading of variable arity methods
Page: FIO04-J. Release resources when they are no longer needed
Page: TSM02-J. Do not use background threads during class initialization
Page: ERR03-J. Restore prior object state on method failure
Page: IDS03-J. Do not log unsanitized user input
Page: ERR00-J. Do not suppress or ignore checked exceptions
Page: MSC56-J. Detect and remove superfluous code and values
Page: OBJ07-J. Sensitive classes must not let themselves be copied
Page: OBJ06-J. Defensively copy mutable inputs and mutable internal components
Page: THI01-J. Do not invoke ThreadGroup methods
Page: STR00-J. Don't form strings containing partial characters from variable-width encodings
Page: Parasoft
Page: THI00-J. Do not invoke Thread.run()
Page: SER09-J. Do not invoke overridable methods from the readObject() method
Page: LCK04-J. Do not synchronize on a collection view if the backing collection is accessible
Page: OBJ05-J. Do not return references to private mutable class members
Page: IDS11-J. Perform any string modifications before validation
Page: LCK06-J. Do not use an instance lock to protect shared static data
Page: LCK07-J. Avoid deadlock by requesting and releasing locks in the same order
Page: EXP55-J. Use the same type for the second and third operands in conditional expressions
Page: FIO07-J. Do not let external processes block on IO buffers
Page: THI03-J. Always invoke wait() and await() methods inside a loop
Page: MSC00-J. Use SSLSocket rather than Socket for secure data exchange
Page: ERR04-J. Do not complete abruptly from a finally block
Page: ERR51-J. Prefer user-defined exceptions over more general exception types
Page: NUM00-J. Detect or prevent integer overflow
Page: OBJ03-J. Prevent heap pollution
Page: ERR05-J. Do not let checked exceptions escape from a finally block
Page: TSM01-J. Do not let the this reference escape during object construction
Page: VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
Page: SER12-J. Prevent deserialization of untrusted data
Page: ERR08-J. Do not catch NullPointerException or any of its ancestors
Page: SER00-J. Enable serialization compatibility during class evolution
Page: OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
Page: FIO13-J. Do not log sensitive information outside a trust boundary
Page: DCL60-J. Avoid cyclic dependencies between packages
Page: IDS53-J. Prevent XPath Injection
Page: STR02-J. Specify an appropriate locale when comparing locale-dependent data
Page: MET12-J. Do not use finalizers
Page: LCK02-J. Do not synchronize on the class object returned by getClass()
Page: MET08-J. Preserve the equality contract when overriding the equals() method
Page: MET50-J. Avoid ambiguous or confusing uses of overloading
Page: EXP02-J. Do not use the Object.equals() method to compare two arrays
Page: MET07-J. Never declare a class method that hides a method declared in a superclass or superinterface
Page: FIO08-J. Distinguish between characters or bytes read from a stream and -1
Page: IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
Page: EXP00-J. Do not ignore values returned by methods
Page: MET53-J. Ensure that the clone() method calls super.clone()
Page: MSC52-J. Finish every set of statements associated with a case label with a break statement
Page: MSC02-J. Generate strong random numbers
Page: FIO16-J. Canonicalize path names before validating them
Page: EXP52-J. Use braces for the body of an if, for, or while statement
Page: FIO06-J. Do not create multiple buffered wrappers on a single byte or character stream
Page: ERR09-J. Do not allow untrusted code to terminate the JVM
Page: NUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors
Page: NUM09-J. Do not use floating-point variables as loop counters
Page: EXP01-J. Do not use a null in a case where an object is required
Page: SEC51-J. Minimize privileged code
Page: IDS51-J. Properly encode or escape output
Page: SER07-J. Do not use the default serialized form for classes with implementation-defined invariants
Page: NUM10-J. Do not construct BigDecimal objects from floating-point literals
Page: TSM00-J. Do not override thread-safe methods with methods that are not thread-safe
Page: FIO14-J. Perform proper cleanup at program termination
Page: NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
Page: LCK09-J. Do not perform operations that can block while holding a lock
Page: VNA02-J. Ensure that compound operations on shared variables are atomic
Page: EXP51-J. Do not perform assignments in conditional expressions
Page: MET52-J. Do not use the clone() method to copy untrusted method parameters
Page: MET04-J. Do not increase the accessibility of overridden or hidden methods
Page: LCK10-J. Use a correct form of the double-checked locking idiom
Page: ERR07-J. Do not throw RuntimeException, Exception, or Throwable
Page: NUM04-J. Do not use floating-point numbers if precise computation is required
Page: MSC07-J. Prevent multiple instantiations of singleton objects
Page: SER03-J. Do not serialize unencrypted sensitive data
Page: IDS06-J. Exclude unsanitized user input from format strings
Page: SER01-J. Do not deviate from the proper signatures of serialization methods
Page: SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields
Page: STR01-J. Do not assume that a Java char fully represents a Unicode code point
Page: FIO12-J. Provide methods to read and write little-endian data
Page: MSC61-J. Do not use insecure or weak cryptographic algorithms
Page: OBJ13-J. Ensure that references to mutable objects are not exposed
Page: EXP03-J. Do not use the equality operators when comparing values of boxed primitives
Page: MSC06-J. Do not modify the underlying collection when an iteration is in progress
Page: SEC01-J. Do not allow tainted variables in privileged blocks
Page: JNI00-J. Define wrappers around native methods
Page: VNA00-J. Ensure visibility when accessing shared primitive variables
Page: MET11-J. Ensure that keys used in comparison operations are immutable
Page: LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code
Page: MET06-J. Do not invoke overridable methods in clone()
Page: LCK01-J. Do not synchronize on objects that may be reused
Page: SEC04-J. Protect sensitive operations with security manager checks
Page: EXP50-J. Do not confuse abstract object equality with reference equality
Page: DCL51-J. Do not shadow or obscure identifiers in subscopes
Page: THI02-J. Notify all waiting threads rather than a single thread
Page: LCK08-J. Ensure actively held locks are released on exceptional conditions
Page: FIO05-J. Do not expose buffers or their backing arrays methods to untrusted code
Page: EXP05-J. Do not follow a write by a subsequent write or read of the same object within an expression
Page: MET09-J. Classes that define an equals() method must also define a hashCode() method
Page: DCL52-J. Do not declare more than one variable per declaration
Page: FIO03-J. Remove temporary files before termination
Page: OBJ10-J. Do not use public static nonfinal fields
Page: NUM07-J. Do not attempt comparisons with NaN
Page: SER04-J. Do not allow serialization and deserialization to bypass the security manager
Page: MSC01-J. Do not use an empty infinite loop
Page: EXP53-J. Use parentheses for precedence of operation
Page: MET02-J. Do not use deprecated or obsolete classes or methods
Page: OBJ11-J. Be wary of letting constructors throw exceptions
Page: FIO09-J. Do not rely on the write() method to output integers outside the range 0 to 255
Page: MSC03-J. Never hard code sensitive information
Page: MSC04-J. Do not leak memory
Page: IDS00-J. Prevent SQL injection
Page: NUM08-J. Check floating-point inputs for exceptional values
Page: IDS52-J. Prevent code injection
Page: THI05-J. Do not use Thread.stop() to terminate threads
Page: TPS00-J. Use thread pools to enable graceful degradation of service during traffic bursts
Page: OBJ51-J. Minimize the accessibility of classes and their members
Page: ERR54-J. Use a try-with-resources statement to safely handle closeable resources
Page: SER11-J. Prevent overwriting of externalizable objects
Page: MSC60-J. Do not use assertions to verify the absence of runtime errors
Page: OBJ09-J. Compare classes and not class names
Page: NUM50-J. Convert integers to floating point for floating-point operations
Page: IDS16-J. Prevent XML Injection
Page: NUM01-J. Do not perform bitwise and arithmetic operations on the same data
Page: OBJ08-J. Do not expose private members of an outer class from within a nested class
Page: DCL02-J. Do not modify the collection's elements during an enhanced for statement
Page: NUM13-J. Avoid loss of precision when converting primitive integers to floating-point
Hierarchy
Parent Page
Page: Rule or Rec. CC. Analyzers
Labels
There are no labels assigned to this page.
Recent Changes
Time                Editor          Change comment
Jun 24, 2024 08:33  Michal Rozenau  Parasoft Jtest 2024.1
Jun 12, 2023 06:28  Michal Rozenau  Parasoft Jtest 2023.1
Jan 10, 2023 05:48  Michal Rozenau  Parasoft Jtest 2022.2
May 16, 2022 10:03  Michal Rozenau  Parasoft Jtest 2022.1
Dec 01, 2021 09:22  Michal Rozenau  Parasoft Jtest 2021.2