Page Information
Title: IDS04-J. Safely extract files from ZipInputStream
Author: David Svoboda (Apr 08, 2011)
Last Changed by: Alexandre GIGLEUX (Dec 19, 2018)
Tiny Link (useful for email): https://wiki.sei.cmu.edu/confluence/x/LjZGBQ
Incoming Links
SEI CERT Oracle Coding Standard for Java (2)
Page: MSC05-J. Do not exhaust heap space
Page: IDS03-J. Do not log unsanitized user input
Hierarchy
Parent Page: Rule 00. Input Validation and Data Sanitization (IDS)
Labels
Global Labels (6): draft, ids, android, resource-exhaustion, rule, android-implementation-detail-java
Recent Changes
Time                Editor             Comment
Dec 19, 2018 10:52  Alexandre GIGLEUX
Dec 19, 2018 10:45  Alexandre GIGLEUX
Jun 18, 2018 10:25  Derek Leung
Jun 15, 2018 16:45  Derek Leung        Add related vulnerability: "Zip Slip"
Sep 14, 2017 11:44  David Svoboda      CS bugfix
Outgoing Links
External Links (17)
www.unforgettable.dk/
en.wikipedia.org/wiki/Kilobyte
cwe.mitre.org/
cwe.mitre.org/data/definitions/409.html
en.wikipedia.org/wiki/Zip_file
https://snyk.io/blog/zip-slip-vulnerability/
blog.sina.com.cn/s/blog_be6dacae0101bksm.html
www.oracle.com/technetwork/java/seccodeguide-139067.html
en.wikipedia.org/wiki/Petabyte
en.wikipedia.org/wiki/Gibibyte
en.wikipedia.org/wiki/Pebibyte
https://rules.sonarsource.com/java/RSPEC-5042
media.blackhat.com/us-13/US-13-Forristal-Android-One-Root-t…
en.wikipedia.org/wiki/Zip_bomb#cite_note-4
https://www.safaribooksonline.com/library/view/secure-codin…
en.wikipedia.org/wiki/Gigabyte
java.sun.com/developer/technicalArticles/Programming/compre…
SEI CERT Oracle Coding Standard for Java (11)
Page: Rule BB. Glossary
Page: FIO16-J. Canonicalize path names before validating them
Page: Rule AA. References
Page: SonarQube_V
Page: The Checker Framework_V
Page: The Checker Framework
Page: Rule 00. Input Validation and Data Sanitization (IDS)
Home page: SEI CERT Oracle Coding Standard for Java
Page: IDS05-J. Use a safe subset of ASCII for file and path names
Page: SonarQube
Page: IDS03-J. Do not log unsanitized user input