SEI CERT Oracle Coding Standard for Java
Page Information
Title: SonarQube_V
Author: Will Snavely, Aug 21, 2015
Last Changed by: Alexandre GIGLEUX, May 25, 2023
Tiny Link: https://wiki.sei.cmu.edu/confluence/x/GjZGBQ
Incoming Links
SEI CERT Oracle Coding Standard for Java (81)
OBJ01-J. Limit accessibility of fields
ERR54-J. Use a try-with-resources statement to safely handle closeable resources
MET08-J. Preserve the equality contract when overriding the equals() method
DCL51-J. Do not shadow or obscure identifiers in subscopes
MSC03-J. Never hard code sensitive information
EXP02-J. Do not use the Object.equals() method to compare two arrays
OBJ09-J. Compare classes and not class names
OBJ13-J. Ensure that references to mutable objects are not exposed
IDS00-J. Prevent SQL injection
MET53-J. Ensure that the clone() method calls super.clone()
OBJ06-J. Defensively copy mutable inputs and mutable internal components
DCL52-J. Do not declare more than one variable per declaration
OBJ10-J. Do not use public static nonfinal fields
SER00-J. Enable serialization compatibility during class evolution
THI03-J. Always invoke wait() and await() methods inside a loop
ERR09-J. Do not allow untrusted code to terminate the JVM
NUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors
NUM51-J. Do not assume that the remainder operator always returns a nonnegative result for integral operands
SonarQube
IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
LCK01-J. Do not synchronize on objects that may be reused
EXP01-J. Do not use a null in a case where an object is required
VNA01-J. Ensure visibility of shared references to immutable objects
LCK02-J. Do not synchronize on the class object returned by getClass()
LCK10-J. Use a correct form of the double-checked locking idiom
ENV06-J. Production code must not contain debugging entry points
MET05-J. Ensure that constructors do not call overridable methods
ERR07-J. Do not throw RuntimeException, Exception, or Throwable
ERR02-J. Prevent exceptions while logging data
EXP53-J. Use parentheses for precedence of operation
ERR01-J. Do not allow exceptions to expose sensitive information
EXP05-J. Do not follow a write by a subsequent write or read of the same object within an expression
ERR04-J. Do not complete abruptly from a finally block
TSM02-J. Do not use background threads during class initialization
ERR51-J. Prefer user-defined exceptions over more general exception types
STR02-J. Specify an appropriate locale when comparing locale-dependent data
MSC02-J. Generate strong random numbers
MSC54-J. Avoid inadvertent wrapping of loop counters
ERR00-J. Do not suppress or ignore checked exceptions
MSC11-J. Do not let session information leak within a servlet
EXP00-J. Do not ignore values returned by methods
MSC51-J. Do not place a semicolon immediately following an if, for, or while condition
MSC52-J. Finish every set of statements associated with a case label with a break statement
SER01-J. Do not deviate from the proper signatures of serialization methods
STR04-J. Use compatible character encodings when communicating string data between JVMs
EXP52-J. Use braces for the body of an if, for, or while statement
SER05-J. Do not serialize instances of inner classes
IDS04-J. Safely extract files from ZipInputStream
THI01-J. Do not invoke ThreadGroup methods
DCL00-J. Prevent class initialization cycles
EXP51-J. Do not perform assignments in conditional expressions
THI00-J. Do not invoke Thread.run()
IDS08-J. Sanitize untrusted data included in a regular expression
LCK03-J. Do not synchronize on the intrinsic locks of high-level concurrency objects
LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code
MET55-J. Return an empty array or collection instead of a null value for methods that return an array or collection
IDS17-J. Prevent XML External Entity Attacks
NUM50-J. Convert integers to floating point for floating-point operations
STR50-J. Use the appropriate method for counting characters in a string
EXP50-J. Do not confuse abstract object equality with reference equality
SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields
DCL50-J. Use visually distinct identifiers
ERR08-J. Do not catch NullPointerException or any of its ancestors
NUM52-J. Be aware of numeric promotion behavior
THI02-J. Notify all waiting threads rather than a single thread
NUM10-J. Do not construct BigDecimal objects from floating-point literals
MET09-J. Classes that define an equals() method must also define a hashCode() method
OBJ05-J. Do not return references to private mutable class members
LCK09-J. Do not perform operations that can block while holding a lock
EXP04-J. Do not pass arguments to certain Java Collections Framework methods that are a different type than the collection parameter type
MET12-J. Do not use finalizers
ERR05-J. Do not let checked exceptions escape from a finally block
FIO10-J. Ensure the array is filled when using read() to fill an array
FIO02-J. Detect and handle file-related errors
IDS54-J. Prevent LDAP injection
MSC61-J. Do not use insecure or weak cryptographic algorithms
EXP06-J. Expressions used in assertions must not produce side effects
FIO04-J. Release resources when they are no longer needed
MET02-J. Do not use deprecated or obsolete classes or methods
EXP03-J. Do not use the equality operators when comparing values of boxed primitives
MSC56-J. Detect and remove superfluous code and values
Hierarchy
Parent Page: Rule or Rec. CC. Analyzers
Labels
There are no labels assigned to this page.
Recent Changes
Time | Editor
May 25, 2023 05:59 | Alexandre GIGLEUX
Dec 19, 2018 11:21 | Alexandre GIGLEUX
Jul 20, 2017 15:07 | G. Ann Campbell
Mar 02, 2016 14:43 | G. Ann Campbell
Feb 25, 2016 14:33 | G. Ann Campbell