SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 26 Next »

This page was automatically generated and should not be edited.

The information on this page was provided by outside contributors and has not been verified by SEI CERT.

The table below can be re-ordered, by clicking column headers.

Tool Version: 2024.1

Checker

Guideline

BD-SECURITY-TDLOG IDS03-J. Do not log unsanitized user input
BD-SECURITY-TDSQL IDS00-J. Prevent SQL injection
BD.API.ARGWRITE FIO09-J. Do not rely on the write() method to output integers outside the range 0 to 255
BD.API.EQREFL MET08-J. Preserve the equality contract when overriding the equals() method
BD.CO.ITMOD DCL02-J. Do not modify the collection's elements during an enhanced for statement
BD.CO.ITMOD MSC06-J. Do not modify the underlying collection when an iteration is in progress
BD.EXCEPT.NP EXP01-J. Do not use a null in a case where an object is required
BD.PB.MULBUF FIO06-J. Do not create multiple buffered wrappers on a single byte or character stream
BD.PB.REVOBJ ERR03-J. Restore prior object state on method failure
BD.PB.VREADOBJ SER09-J. Do not invoke overridable methods from the readObject() method
BD.PB.ZERO NUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors
BD.RES.LEAKS FIO04-J. Release resources when they are no longer needed
BD.RES.LEAKS MSC04-J. Do not leak memory
BD.SECURITY.BUFEXP FIO05-J. Do not expose buffers or their backing arrays methods to untrusted code
BD.SECURITY.FPEXC NUM08-J. Check floating-point inputs for exceptional values
BD.SECURITY.PRIVIL SEC01-J. Do not allow tainted variables in privileged blocks
BD.SECURITY.REMTMP FIO03-J. Remove temporary files before termination
BD.SECURITY.SENS FIO13-J. Do not log sensitive information outside a trust boundary
BD.SECURITY.TDRFL SEC02-J. Do not base security checks on untrusted sources
BD.SECURITY.TDXML IDS16-J. Prevent XML Injection
BD.SECURITY.VPPD IDS11-J. Perform any string modifications before validation
BD.TRS.INSTLOCK LCK06-J. Do not use an instance lock to protect shared static data
BD.TRS.LOCK LCK08-J. Ensure actively held locks are released on exceptional conditions
BD.TRS.TSHL LCK09-J. Do not perform operations that can block while holding a lock
CODSTA.BP.ARM SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields
CODSTA.BP.EXIT ERR09-J. Do not allow untrusted code to terminate the JVM
CODSTA.EPC.AGBPT OBJ03-J. Prevent heap pollution
CODSTA.OIM.OVERRIDE MET09-J. Classes that define an equals() method must also define a hashCode() method
CODSTA.READ.CID EXP05-J. Do not follow a write by a subsequent write or read of the same object within an expression
CODSTD.BP.NTX ERR07-J. Do not throw RuntimeException, Exception, or Throwable
EJB.MNDF MET12-J. Do not use finalizers
EXCEPT.EPNFC OBJ11-J. Be wary of letting constructors throw exceptions
EXCEPT.NCNPE ERR08-J. Do not catch NullPointerException or any of its ancestors
EXCEPT.NTERR ERR07-J. Do not throw RuntimeException, Exception, or Throwable
GC.FCF MET12-J. Do not use finalizers
GC.FM MET12-J. Do not use finalizers
GC.IFF MET12-J. Do not use finalizers
GC.NCF MET12-J. Do not use finalizers
GLOBAL.ACD DCL00-J. Prevent class initialization cycles
HIBERNATE.LHII FIO13-J. Do not log sensitive information outside a trust boundary
INTER.CCL STR02-J. Specify an appropriate locale when comparing locale-dependent data
INTER.COS STR00-J. Don't form strings containing partial characters from variable-width encodings
INTER.CTLC STR02-J. Specify an appropriate locale when comparing locale-dependent data
OOP.AHSM MET07-J. Never declare a class method that hides a method declared in a superclass or superinterface
OOP.MFP MET12-J. Do not use finalizers
OOP.MUCOP OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
OOP.MUCOP OBJ05-J. Do not return references to private mutable class members
OOP.MUCOP OBJ06-J. Defensively copy mutable inputs and mutable internal components
OOP.OPM MET04-J. Do not increase the accessibility of overridden or hidden methods
OPT.CCR FIO04-J. Release resources when they are no longer needed
OPT.CCR FIO14-J. Perform proper cleanup at program termination
OPT.CIO FIO04-J. Release resources when they are no longer needed
OPT.CIO FIO14-J. Perform proper cleanup at program termination
OPT.CRWD FIO14-J. Perform proper cleanup at program termination
PB-NUM-FPLI NUM09-J. Do not use floating-point variables as loop counters
PB-RE-NCMD EXP01-J. Do not use a null in a case where an object is required
PB.API.DPRAPI MET02-J. Do not use deprecated or obsolete classes or methods
PB.API.OF MET12-J. Do not use finalizers
PB.API.VAFS IDS06-J. Exclude unsanitized user input from format strings
PB.CUB.ARCF ERR04-J. Do not complete abruptly from a finally block
PB.CUB.ARCF ERR05-J. Do not let checked exceptions escape from a finally block
PB.CUB.ATSF ERR04-J. Do not complete abruptly from a finally block
PB.CUB.ATSF ERR05-J. Do not let checked exceptions escape from a finally block
PB.CUB.RMO OBJ10-J. Do not use public static nonfinal fields
PB.CUB.UEIC EXP02-J. Do not use the Object.equals() method to compare two arrays
PB.CUB.UEIC EXP03-J. Do not use the equality operators when comparing values of boxed primitives
PB.IKICO MET11-J. Ensure that keys used in comparison operations are immutable
PB.LOGIC.CRRV FIO08-J. Distinguish between characters or bytes read from a stream and -1
PB.NUM.AIC NUM13-J. Avoid loss of precision when converting primitive integers to floating-point
PB.NUM.BBDCC NUM10-J. Do not construct BigDecimal objects from floating-point literals
PB.NUM.BSA NUM00-J. Detect or prevent integer overflow
PB.NUM.CACO NUM00-J. Detect or prevent integer overflow
PB.NUM.CLP NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
PB.NUM.ICO NUM00-J. Detect or prevent integer overflow
PB.NUM.NAN NUM07-J. Do not attempt comparisons with NaN
PB.NUM.UBD NUM04-J. Do not use floating-point numbers if precise computation is required
PB.TYPO.AECB EXP00-J. Do not ignore values returned by methods
PB.TYPO.EB MSC01-J. Do not use an empty infinite loop
PB.USC.NASSIG EXP00-J. Do not ignore values returned by methods
PORT.ENV ENV02-J. Do not trust the values of environment variables
PORT.EXEC IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
PORT.EXEC FIO07-J. Do not let external processes block on IO buffers
SECURITY.BV.ACL SEC03-J. Do not load trusted classes after allowing untrusted code to load arbitrary classes
SECURITY.EAB.CMP OBJ09-J. Compare classes and not class names
SECURITY.EAB.CPCL OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY.EAB.CPCL OBJ05-J. Do not return references to private mutable class members
SECURITY.EAB.CPCL OBJ06-J. Defensively copy mutable inputs and mutable internal components
SECURITY.EAB.JVM ERR09-J. Do not allow untrusted code to terminate the JVM
SECURITY.EAB.MPT OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY.EAB.MPT OBJ05-J. Do not return references to private mutable class members
SECURITY.EAB.MPT OBJ06-J. Defensively copy mutable inputs and mutable internal components
SECURITY.EAB.SMO OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY.EAB.SMO OBJ05-J. Do not return references to private mutable class members
SECURITY.EAB.SMO OBJ06-J. Defensively copy mutable inputs and mutable internal components
SECURITY.EAB.SPFF OBJ10-J. Do not use public static nonfinal fields
SECURITY.ESD.ACW ERR01-J. Do not allow exceptions to expose sensitive information
SECURITY.ESD.CONSEN FIO13-J. Do not log sensitive information outside a trust boundary
SECURITY.ESD.PEO FIO13-J. Do not log sensitive information outside a trust boundary
SECURITY.ESD.SIF SER03-J. Do not serialize unencrypted sensitive data
SECURITY.IBA.ATF FIO03-J. Remove temporary files before termination
SECURITY.IBA.CDBV FIO16-J. Canonicalize path names before validating them
SECURITY.IBA.NATIW JNI00-J. Define wrappers around native methods
SECURITY.UEHL.LGE ERR00-J. Do not suppress or ignore checked exceptions
SECURITY.WSC.ACPST ERR01-J. Do not allow exceptions to expose sensitive information
SECURITY.WSC.AHCA MSC03-J. Never hard code sensitive information
SECURITY.WSC.CLONE OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
SECURITY.WSC.CLONE MET06-J. Do not invoke overridable methods in clone()
SECURITY.WSC.HCCK MSC03-J. Never hard code sensitive information
SECURITY.WSC.HCCS MSC03-J. Never hard code sensitive information
SECURITY.WSC.MCNC OBJ07-J. Sensitive classes must not let themselves be copied
SECURITY.WSC.SCF SEC04-J. Protect sensitive operations with security manager checks
SECURITY.WSC.SCSER SER04-J. Do not allow serialization and deserialization to bypass the security manager
SECURITY.WSC.SRD MSC02-J. Generate strong random numbers
SECURITY.WSC.USC MSC00-J. Use SSLSocket rather than Socket for secure data exchange
SERIAL.DUID SER00-J. Enable serialization compatibility during class evolution
SERIAL.IRX SER11-J. Prevent overwriting of externalizable objects
SERIAL.ROWO SER01-J. Do not deviate from the proper signatures of serialization methods
SERIAL.RRSC SER07-J. Do not use the default serialized form for classes with implementation-defined invariants
SERVLET.CETS ERR01-J. Do not allow exceptions to expose sensitive information
TRS.ANF THI02-J. Notify all waiting threads rather than a single thread
TRS.AUTG THI01-J. Do not invoke ThreadGroup methods
TRS.CSTART TSM02-J. Do not use background threads during class initialization
TRS.CTRE TSM01-J. Do not let the this reference escape during object construction
TRS.DCL LCK10-J. Use a correct form of the double-checked locking idiom
TRS.IASF LCK05-J. Synchronize access to static fields that can be modified by untrusted code
TRS.ILI MSC07-J. Prevent multiple instantiations of singleton objects
TRS.IRUN THI00-J. Do not invoke Thread.run()
TRS.ISTART TPS00-J. Use thread pools to enable graceful degradation of service during traffic bursts
TRS.LORD VNA00-J. Ensure visibility when accessing shared primitive variables
TRS.LORD LCK07-J. Avoid deadlock by requesting and releasing locks in the same order
TRS.MRAV VNA00-J. Ensure visibility when accessing shared primitive variables
TRS.MRAV VNA02-J. Ensure that compound operations on shared variables are atomic
TRS.MRAV VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
TRS.OSNS TSM00-J. Do not override thread-safe methods with methods that are not thread-safe
TRS.RLF LCK08-J. Ensure actively held locks are released on exceptional conditions
TRS.SCS LCK01-J. Do not synchronize on objects that may be reused
TRS.SGC LCK02-J. Do not synchronize on the class object returned by getClass()
TRS.SOBC LCK04-J. Do not synchronize on a collection view if the backing collection is accessible
TRS.SOPF LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code
TRS.SSUG VNA02-J. Ensure that compound operations on shared variables are atomic
TRS.SSUG VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic
TRS.THRD MET02-J. Do not use deprecated or obsolete classes or methods
TRS.THRD THI05-J. Do not use Thread.stop() to terminate threads
TRS.TSHL LCK09-J. Do not perform operations that can block while holding a lock
TRS.UWIL THI03-J. Always invoke wait() and await() methods inside a loop
UC.EF MET12-J. Do not use finalizers
UC.FCSF MET12-J. Do not use finalizers
UC.UCATCH ERR00-J. Do not suppress or ignore checked exceptions
  • No labels