You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

Generated Content

This page is automatically generated from the "Automated Detection" sections in the individual guidelines. Do not modify this page directly.

Version number:
2024.1

Checker

Guideline

BD-SECURITY-TDLOGIDS03-J. Do not log unsanitized user input
BD-SECURITY-TDSQLIDS00-J. Prevent SQL injection
BD.CO.ITMODDCL02-J. Do not modify the collection's elements during an enhanced for statement
BD.CO.ITMODMSC06-J. Do not modify the underlying collection when an iteration is in progress
BD.EXCEPT.NPEXP01-J. Do not use a null in a case where an object is required
BD.PB.ZERONUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors
BD.RES.LEAKSFIO04-J. Release resources when they are no longer needed
BD.RES.LEAKSMSC04-J. Do not leak memory
BD.SECURITY.SENSFIO13-J. Do not log sensitive information outside a trust boundary
BD.SECURITY.TDRFLSEC02-J. Do not base security checks on untrusted sources
BD.SECURITY.TDXMLIDS16-J. Prevent XML Injection
BD.TRS.LOCKLCK08-J. Ensure actively held locks are released on exceptional conditions
CODSTA.BP.ARMSEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields
CODSTA.BP.EXITERR09-J. Do not allow untrusted code to terminate the JVM
CODSTA.EPC.AGBPTOBJ03-J. Prevent heap pollution
CODSTA.OIM.OVERRIDEMET09-J. Classes that define an equals() method must also define a hashCode() method
CODSTD.BP.NTXERR07-J. Do not throw RuntimeException, Exception, or Throwable
EJB.MNDFMET12-J. Do not use finalizers
EXCEPT.ENFCOBJ11-J. Be wary of letting constructors throw exceptions
EXCEPT.NCNPEERR08-J. Do not catch NullPointerException or any of its ancestors
EXCEPT.NTERRERR07-J. Do not throw RuntimeException, Exception, or Throwable
GC.FCFMET12-J. Do not use finalizers
GC.FMMET12-J. Do not use finalizers
GC.IFFMET12-J. Do not use finalizers
GC.NCFMET12-J. Do not use finalizers
GLOBAL.ACDDCL00-J. Prevent class initialization cycles
HIBERNATE.LHIIFIO13-J. Do not log sensitive information outside a trust boundary
INTER.COSSTR00-J. Don't form strings containing partial characters from variable-width encodings
INTER.{CCL,CTLC}STR02-J. Specify an appropriate locale when comparing locale-dependent data
OOP.AHSMMET07-J. Never declare a class method that hides a method declared in a superclass or superinterface
OOP.MUCOPOBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
OOP.MUCOPOBJ05-J. Do not return references to private mutable class members
OOP.MUCOPOBJ06-J. Defensively copy mutable inputs and mutable internal components
OOP.OPMMET04-J. Do not increase the accessibility of overridden or hidden methods
OPT.CCRFIO04-J. Release resources when they are no longer needed
OPT.CCRFIO14-J. Perform proper cleanup at program termination
OPT.CIOFIO04-J. Release resources when they are no longer needed
OPT.CIOFIO14-J. Perform proper cleanup at program termination
OPT.CRWDFIO14-J. Perform proper cleanup at program termination
PB-NUM-FPLINUM09-J. Do not use floating-point variables as loop counters
PB-RE-NMCDEXP01-J. Do not use a null in a case where an object is required
PB.API.DPRAPIMET02-J. Do not use deprecated or obsolete classes or methods
PB.API.OFMET12-J. Do not use finalizers
PB.API.VAFSIDS06-J. Exclude unsanitized user input from format strings
PB.CUB.ARCFERR04-J. Do not complete abruptly from a finally block
PB.CUB.ARCFERR05-J. Do not let checked exceptions escape from a finally block
PB.CUB.ATSFERR04-J. Do not complete abruptly from a finally block
PB.CUB.ATSFERR05-J. Do not let checked exceptions escape from a finally block
PB.CUB.UEICEXP02-J. Do not use the Object.equals() method to compare two arrays
PB.CUB.UEICEXP03-J. Do not use the equality operators when comparing values of boxed primitives
PB.LOGIC.CRRVFIO08-J. Distinguish between characters or bytes read from a stream and -1
PB.NUM.AICNUM13-J. Avoid loss of precision when converting primitive integers to floating-point
PB.NUM.BBDCCNUM10-J. Do not construct BigDecimal objects from floating-point literals
PB.NUM.CLPNUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
PB.NUM.NANNUM07-J. Do not attempt comparisons with NaN
PB.NUM.UBDNUM04-J. Do not use floating-point numbers if precise computation is required
PB.NUM.{ICO,BSA,CACO}NUM00-J. Detect or prevent integer overflow
PB.TYPO.EBMSC01-J. Do not use an empty infinite loop
PB.USC.NASSIGEXP00-J. Do not ignore values returned by methods
PORT.ENVENV02-J. Do not trust the values of environment variables
PORT.EXECIDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
PORT.EXECFIO07-J. Do not let external processes block on IO buffers
SECURITY.EAB.CMPOBJ09-J. Compare classes and not class names
SECURITY.EAB.CPCLOBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY.EAB.CPCLOBJ05-J. Do not return references to private mutable class members
SECURITY.EAB.CPCLOBJ06-J. Defensively copy mutable inputs and mutable internal components
SECURITY.EAB.JVMERR09-J. Do not allow untrusted code to terminate the JVM
SECURITY.EAB.MPTOBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY.EAB.MPTOBJ05-J. Do not return references to private mutable class members
SECURITY.EAB.MPTOBJ06-J. Defensively copy mutable inputs and mutable internal components
SECURITY.EAB.SMOOBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY.EAB.SMOOBJ05-J. Do not return references to private mutable class members
SECURITY.EAB.SMOOBJ06-J. Defensively copy mutable inputs and mutable internal components
SECURITY.EAB.SPFFOBJ10-J. Do not use public static nonfinal fields
SECURITY.ESD.ACWERR01-J. Do not allow exceptions to expose sensitive information
SECURITY.ESD.CONSENFIO13-J. Do not log sensitive information outside a trust boundary
SECURITY.ESD.PEOFIO13-J. Do not log sensitive information outside a trust boundary
SECURITY.ESD.SIFSER03-J. Do not serialize unencrypted sensitive data
SECURITY.IBA.ATFFIO03-J. Remove temporary files before termination
SECURITY.IBA.NATIWJNI00-J. Define wrappers around native methods
SECURITY.IBA.VPPDIDS17-J. Prevent XML External Entity Attacks
SECURITY.UEHL.LGEERR00-J. Do not suppress or ignore checked exceptions
SECURITY.WSC.ACPSTERR01-J. Do not allow exceptions to expose sensitive information
SECURITY.WSC.AHCAMSC03-J. Never hard code sensitive information
SECURITY.WSC.CLONEOBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY.WSC.HCCKMSC03-J. Never hard code sensitive information
SECURITY.WSC.HCCSMSC03-J. Never hard code sensitive information
SECURITY.WSC.MCNCOBJ07-J. Sensitive classes must not let themselves be copied
SECURITY.WSC.SCFSEC04-J. Protect sensitive operations with security manager checks
SECURITY.WSC.SCSERSER04-J. Do not allow serialization and deserialization to bypass the security manager
SECURITY.WSC.SRDMSC02-J. Generate strong random numbers
SECURITY.WSC.USCMSC00-J. Use SSLSocket rather than Socket for secure data exchange
SERIAL.IRXSER11-J. Prevent overwriting of externalizable objects
SERIAL.ROWOSER01-J. Do not deviate from the proper signatures of serialization methods
SERIAL.RRSCSER07-J. Do not use the default serialized form for classes with implementation-defined invariants
SERVLET.CETSERR01-J. Do not allow exceptions to expose sensitive information
TRS.ANFTHI02-J. Notify all waiting threads rather than a single thread
TRS.AUTGTHI01-J. Do not invoke ThreadGroup methods
TRS.CSTARTTSM02-J. Do not use background threads during class initialization
TRS.CTRETSM01-J. Do not let the this reference escape during object construction
TRS.DCLLCK10-J. Use a correct form of the double-checked locking idiom
TRS.IASFLCK05-J. Synchronize access to static fields that can be modified by untrusted code
TRS.IRUNTHI00-J. Do not invoke Thread.run()
TRS.LORDVNA00-J. Ensure visibility when accessing shared primitive variables
TRS.LORDLCK07-J. Avoid deadlock by requesting and releasing locks in the same order
TRS.MRAVVNA00-J. Ensure visibility when accessing shared primitive variables
TRS.MRAVVNA02-J. Ensure that compound operations on shared variables are atomic
TRS.MRAVVNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
TRS.RLFLCK08-J. Ensure actively held locks are released on exceptional conditions
TRS.SCSLCK01-J. Do not synchronize on objects that may be reused
TRS.SOPFLCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code
TRS.SSUGVNA02-J. Ensure that compound operations on shared variables are atomic
TRS.SSUGVNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
TRS.THRDMET02-J. Do not use deprecated or obsolete classes or methods
TRS.THRDTHI05-J. Do not use Thread.stop() to terminate threads
TRS.UWILTHI03-J. Always invoke wait() and await() methods inside a loop
UC.EFMET12-J. Do not use finalizers
UC.FCSFMET12-J. Do not use finalizers
UC.UCATCHERR00-J. Do not suppress or ignore checked exceptions
  • No labels