SEI CERT Oracle Coding Standard for Java
Page Information
Title: Parasoft
Author: Will Snavely (Nov 06, 2015)
Last Changed by: David Svoboda (Oct 14, 2024)
Tiny Link: https://wiki.sei.cmu.edu/confluence/x/zjVGBQ
Incoming Links
SEI CERT Oracle Coding Standard for Java (131)
LCK07-J. Avoid deadlock by requesting and releasing locks in the same order
THI03-J. Always invoke wait() and await() methods inside a loop
MSC56-J. Detect and remove superfluous code and values
ERR00-J. Do not suppress or ignore checked exceptions
LCK04-J. Do not synchronize on a collection view if the backing collection is accessible
IDS03-J. Do not log unsanitized user input
IDS11-J. Perform any string modifications before validation
IDS52-J. Prevent code injection
IDS00-J. Prevent SQL injection
MET53-J. Ensure that the clone() method calls super.clone()
TSM02-J. Do not use background threads during class initialization
OBJ06-J. Defensively copy mutable inputs and mutable internal components
OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
THI05-J. Do not use Thread.stop() to terminate threads
DCL00-J. Prevent class initialization cycles
MET12-J. Do not use finalizers
EXP55-J. Use the same type for the second and third operands in conditional expressions
SEC02-J. Do not base security checks on untrusted sources
MET09-J. Classes that define an equals() method must also define a hashCode() method
LCK06-J. Do not use an instance lock to protect shared static data
EXP02-J. Do not use the Object.equals() method to compare two arrays
MSC03-J. Never hard code sensitive information
TSM01-J. Do not let the this reference escape during object construction
MET50-J. Avoid ambiguous or confusing uses of overloading
MET02-J. Do not use deprecated or obsolete classes or methods
FIO04-J. Release resources when they are no longer needed
ENV02-J. Do not trust the values of environment variables
IDS54-J. Prevent LDAP injection
LCK08-J. Ensure actively held locks are released on exceptional conditions
OBJ03-J. Prevent heap pollution
LCK05-J. Synchronize access to static fields that can be modified by untrusted code
SEC01-J. Do not allow tainted variables in privileged blocks
OBJ07-J. Sensitive classes must not let themselves be copied
OBJ08-J. Do not expose private members of an outer class from within a nested class
MSC04-J. Do not leak memory
NUM13-J. Avoid loss of precision when converting primitive integers to floating-point
IDS06-J. Exclude unsanitized user input from format strings
NUM50-J. Convert integers to floating point for floating-point operations
MSC57-J. Strive for logical completeness
EXP53-J. Use parentheses for precedence of operation
FIO09-J. Do not rely on the write() method to output integers outside the range 0 to 255
THI00-J. Do not invoke Thread.run()
FIO03-J. Remove temporary files before termination
OBJ10-J. Do not use public static nonfinal fields
LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code
TPS00-J. Use thread pools to enable graceful degradation of service during traffic bursts
DCL52-J. Do not declare more than one variable per declaration
FIO05-J. Do not expose buffers or their backing arrays methods to untrusted code
NUM01-J. Do not perform bitwise and arithmetic operations on the same data
FIO12-J. Provide methods to read and write little-endian data
EXP05-J. Do not follow a write by a subsequent write or read of the same object within an expression
IDS16-J. Prevent XML Injection
OBJ51-J. Minimize the accessibility of classes and their members
ERR54-J. Use a try-with-resources statement to safely handle closeable resources
MSC62-J. Store passwords using a hash function
MSC01-J. Do not use an empty infinite loop
MSC60-J. Do not use assertions to verify the absence of runtime errors
OBJ09-J. Compare classes and not class names
SER04-J. Do not allow serialization and deserialization to bypass the security manager
SER11-J. Prevent overwriting of externalizable objects
MET04-J. Do not increase the accessibility of overridden or hidden methods
OBJ11-J. Be wary of letting constructors throw exceptions
VNA00-J. Ensure visibility when accessing shared primitive variables
STR01-J. Do not assume that a Java char fully represents a Unicode code point
DCL02-J. Do not modify the collection's elements during an enhanced for statement
NUM04-J. Do not use floating-point numbers if precise computation is required
OBJ13-J. Ensure that references to mutable objects are not exposed
DCL51-J. Do not shadow or obscure identifiers in subscopes
ERR07-J. Do not throw RuntimeException, Exception, or Throwable
NUM08-J. Check floating-point inputs for exceptional values
MET06-J. Do not invoke overridable methods in clone()
LCK01-J. Do not synchronize on objects that may be reused
THI02-J. Notify all waiting threads rather than a single thread
SER07-J. Do not use the default serialized form for classes with implementation-defined invariants
IDS51-J. Properly encode or escape output
EXP50-J. Do not confuse abstract object equality with reference equality
FIO16-J. Canonicalize path names before validating them
FIO14-J. Perform proper cleanup at program termination
NUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors
MET11-J. Ensure that keys used in comparison operations are immutable
LCK10-J. Use a correct form of the double-checked locking idiom
VNA02-J. Ensure that compound operations on shared variables are atomic
ERR09-J. Do not allow untrusted code to terminate the JVM
FIO06-J. Do not create multiple buffered wrappers on a single byte or character stream
NUM00-J. Detect or prevent integer overflow
SEC04-J. Protect sensitive operations with security manager checks
LCK09-J. Do not perform operations that can block while holding a lock
ERR05-J. Do not let checked exceptions escape from a finally block
MET52-J. Do not use the clone() method to copy untrusted method parameters
SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields
NUM10-J. Do not construct BigDecimal objects from floating-point literals
JNI00-J. Define wrappers around native methods
ERR08-J. Do not catch NullPointerException or any of its ancestors
SER03-J. Do not serialize unencrypted sensitive data
EXP03-J. Do not use the equality operators when comparing values of boxed primitives
DCL60-J. Avoid cyclic dependencies between packages
MSC06-J. Do not modify the underlying collection when an iteration is in progress
NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
THI01-J. Do not invoke ThreadGroup methods
FIO08-J. Distinguish between characters or bytes read from a stream and -1
MSC02-J. Generate strong random numbers
OBJ05-J. Do not return references to private mutable class members
MSC61-J. Do not use insecure or weak cryptographic algorithms
SER01-J. Do not deviate from the proper signatures of serialization methods
VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
FIO07-J. Do not let external processes block on IO buffers
NUM09-J. Do not use floating-point variables as loop counters
STR00-J. Don't form strings containing partial characters from variable-width encodings
SER09-J. Do not invoke overridable methods from the readObject() method
MSC52-J. Finish every set of statements associated with a case label with a break statement
SEC51-J. Minimize privileged code
SER12-J. Prevent deserialization of untrusted data
STR02-J. Specify an appropriate locale when comparing locale-dependent data
SER00-J. Enable serialization compatibility during class evolution
EXP51-J. Do not perform assignments in conditional expressions
EXP52-J. Use braces for the body of an if, for, or while statement
ERR51-J. Prefer user-defined exceptions over more general exception types
ERR01-J. Do not allow exceptions to expose sensitive information
ERR04-J. Do not complete abruptly from a finally block
EXP01-J. Do not use a null in a case where an object is required
MSC00-J. Use SSLSocket rather than Socket for secure data exchange
TSM00-J. Do not override thread-safe methods with methods that are not thread-safe
IDS53-J. Prevent XPath Injection
ERR03-J. Restore prior object state on method failure
LCK02-J. Do not synchronize on the class object returned by getClass()
MET08-J. Preserve the equality contract when overriding the equals() method
EXP00-J. Do not ignore values returned by methods
FIO13-J. Do not log sensitive information outside a trust boundary
DCL57-J. Avoid ambiguous overloading of variable arity methods
MET07-J. Never declare a class method that hides a method declared in a superclass or superinterface
Hierarchy
Parent Page: Rule or Rec. CC. Analyzers
Labels
Global Labels (1)
analyzer
Recent Changes
Time / Editor
Oct 14, 2024 07:23 / David Svoboda
Feb 08, 2024 09:03 / David Svoboda
Jul 13, 2023 13:36 / David Svoboda
Jun 06, 2023 12:22 / David Svoboda
Apr 19, 2023 14:04 / David Svoboda
Outgoing Links
External Links (134)
SEI CERT Oracle Coding Standard for Java (1)
Parasoft_V