You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 25 Next »

 

Java Coding Guidelines focuses on the Java SE 7 Platform environment and includes guidelines that address the issue of secure coding using the Java SE 7 API. The Java Language Specification: Java SE 7 Edition [JLS 2011] prescribes the behavior of the Java programming language and serves as the primary reference for the development of these guidelines.

Traditional languages standards, such as those for C and C++, include undefined, unspecified, and implementation-defined behaviors that can lead to vulnerabilities when a programmer makes incorrect assumptions about the portability of these behaviors. By contrast, The Java Language Specification more completely specifies langauge behaviors, because Java is designed to be a cross-platform language. Even then, certain behaviors are left to the discretion of the implementer of the Java Virtual Machine (JVM) or the Java compiler. These guidelines identify such language peculiarities and suggest solutions to help implementers address the issues and let programmers appreciate and understand the limitations of the language and navigate around them.

Focusing only on language issues does not translate to writing reliable and secure software. Design issues in Java APIs sometimes lead to their deprecation. At other times, the APIs or the relevant documentation may be interpreted incorrectly by the programming community. These guidelines identify such problematic APIs and highlight their correct use. Examples of commonly used faulty design patterns and idioms are also included.

The Java language, its core and extension APIs, and the JVM provide several security features, such as the security manager and access controller, cryptography, automatic memory management, strong type checking, and bytecode verification. These features provide sufficient security for most applications, but their proper use is of paramount importance. These guidelines highlight the pitfalls and caveats associated with the security architecture and stress its correct implementation. Adherence to these guidelines safeguards trusted programs from a plethora of exploitable security bugs that can cause denial of service, information leaks, erroneous computations, and privilege escalation.

Included Libraries

<Note.  This diagram needs to be replaced by the one from http://docs.oracle.com/javase/7/docs/ (or removed altogether).><04/11: I replaced the image: Does it need introductory text here?>

These coding guidelines address security issues primarily applicable to the lang and util base libraries as well as for "other base libraries." They avoid the inclusion of open bugs that have already been marked to be fixed or those that do not have any security ramifications. A functional bug is included only if it is likely to occur with high frequency, causes considerable security concerns, or affects most Java technologies that rely on the core platform. These guidelines are not limited to security issues specific to the core API but also include important reliability and security concerns pertaining to the standard extension APIs (javax package).

Issues Not Addressed

A number of issues are not addressed by this secure coding standard.

Content

These coding guidelines do not address concerns specific to only one Java-based platform but apply broadly to all platforms. For example, guidelines that are applicable to Java Micro Edition (ME) or Java Enterprise Edition (EE) alone and not to Java Standard Edition (SE) are typically not included. In Java SE, APIs that deal with the user interface (user interface toolkits) or the web interface for providing features such as sound, graphical rendering, user account access control, session management, authentication, and authorization are beyond the scope of these guidelines. However, this does not preclude the guidelines from discussing networked Java systems in light of the risks associated with improper input validation and injection flaws and suggesting appropriate mitigation strategies. These guidelines assume that the functional specification of the product correctly identifies and prevents higher-level design and architectural vulnerabilities.

Coding Style

Coding style issues are subjective, and it has proven impossible to develop a consensus on appropriate style guidelines. Consequently, The CERT Oracle Java Coding Guidelines does not require any particular coding style to be enforced but only that the user define style guidelines and apply these guidelines consistently. The easiest way to consistently apply a coding style is with the use of a code formatting tool. Many integrated development environments (IDEs) provide such capabilities.

Tools

Because of the nature of the guidelines, many of them are not subject to automatic detection or correction. Furthermore, as a federally funded research and development center (FFRDC), the Software Engineering Institute (SEI) is not in a position to recommend particular vendors or tools to enforce the restrictions adopted. The user of this document is free to choose tools, and vendors are encouraged to provide tools to enforce the guidelines.

Controversial Guidelines

In general, The CERT Oracle Java Coding Guidelines tries to avoid the inclusion of controversial guidelines that lack a broad consensus.

  • No labels