You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Next »

This page was automatically generation and should not be edited.

The information on this page was provided by outside contributors and has not been verified by SEI CERT.

CERT Rule

Related Guidelines

IDS00-JCWE-116, Improper Encoding or Escaping of Output
IDS01-JCWE-289, Authentication bypass by alternate name
IDS01-JCWE-180, Incorrect behavior order: Validate before canonicalize
IDS03-JCWE-144, Improper neutralization of line delimiters
IDS03-JCWE-150, Improper neutralization of escape, meta, or control sequences
IDS03-JCWE-117, Improper Output Neutralization for Logs
IDS04-JCWE-409, Improper Handling of Highly Compressed Data (Data Amplification)
IDS06-JCWE-134, Uncontrolled Format String
IDS07-JCWE-78, Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection")
IDS11-JCWE-182, Collapse of Data into Unsafe Value
IDS16-JCWE-116, Improper Encoding or Escaping of Output
IDS17-JCWE-116, Improper Encoding or Escaping of Output
DCL00-JCWE-665, Improper Initialization
EXP00-JCWE-252, Unchecked Return Value
EXP01-JCWE-476, NULL Pointer Dereference
EXP02-JCWE-595, Comparison of Object References Instead of Object Contents
EXP03-JCWE-595, Comparison of Object References Instead of Object Contents
EXP03-JCWE-597, Use of Wrong Operator in String Comparison
NUM00-JCWE-682, Incorrect Calculation
NUM00-JCWE-190, Integer Overflow or Wraparound
NUM00-JCWE-191, Integer Underflow (Wrap or Wraparound)
NUM02-JCWE-369, Divide by Zero
NUM12-JCWE-681, Incorrect Conversion between Numeric Types
NUM12-JCWE-197, Numeric Truncation Error
STR03-JCWE-838, Inappropriate Encoding for Output Context
OBJ01-JCWE-766, Critical Variable Declared Public
OBJ04-JCWE-374, Passing Mutable Objects to an Untrusted Method
OBJ04-JCWE-375, Returning a Mutable Object to an Untrusted Caller
OBJ05-JCWE-375, Returning a Mutable Object to an Untrusted Caller
OBJ07-JCWE-498, Cloneable Class Containing Sensitive Information
OBJ07-JCWE-491, Public cloneable() Method without Final (aka "Object Hijack")
OBJ08-JCWE-492, Use of Inner Class Containing Sensitive Data
OBJ09-JCWE-486, Comparison of Classes by Name
OBJ10-JCWE-493, Critical Public Variable without Final Modifier
OBJ10-JCWE-500, Public Static Field Not Marked Final
MET01-JCWE-617, Reachable Assertion
MET02-JCWE-589, Call to Non-ubiquitous API
MET04-JCWE-487, Reliance on Package-Level Scope
MET08-JCWE-697, Insufficient Comparison
MET09-JCWE-581, Object Model Violation: Just One of equals and hashcode Defined
MET10-JCWE-573, Improper Following of Specification by Caller
MET12-JCWE-586, Explicit call to Finalize()
MET12-JCWE-583, finalize() Method Declared Public
MET12-JCWE-568, finalize() Method without super.finalize()
ERR00-JCWE-390, Detection of Error Condition without Action
ERR01-JCWE-209, Information Exposure through an Error Message
ERR01-JCWE-497, Exposure of System Data to an Unauthorized Control Sphere
ERR01-JCWE-600, Uncaught Exception in Servlet
ERR03-JCWE-460, Improper Cleanup on Thrown Exception
ERR04-JCWE-459, Incomplete Cleanup
ERR04-JCWE-584, Return Inside finally Block
ERR05-JCWE-248, Uncaught Exception 
ERR05-JCWE-460, Improper Cleanup on Thrown Exception 
ERR05-JCWE-584, Return inside finally Block 
ERR05-JCWE-705, Incorrect Control Flow Scoping
ERR05-JCWE-754, Improper Check for Unusual or Exceptional Conditions 
ERR06-JCWE-703, Improper Check or Handling of Exceptional Conditions
ERR06-JCWE-248, Uncaught Exception
ERR07-JCWE-397, Declaration of Throws for Generic Exception
ERR09-JCWE-382, J2EE Bad Practices: Use of System.exit()
VNA00-JCWE-413, Improper Resource Locking
VNA00-JCWE-567, Unsynchronized Access to Shared Data in a Multithreaded Context
VNA00-JCWE-667, Improper Locking
VNA03-JCWE-362, Concurrent Execution Using Shared Resource with Improper Synchronization ("Race Condition")
VNA03-JCWE-366, Race Condition within a Thread
VNA03-JCWE-662, Improper Synchronization
VNA05-JCWE-667, Improper Locking
LCK00-JCWE-412. Unrestricted externally accessible lock
LCK05-JCWE-820, Missing Synchronization
LCK06-JCWE-667, Improper Locking
LCK07-JCWE-833, Deadlock
LCK08-JCWE-883, Deadlock
LCK10-JCWE-609, Double-checked Locking
THI00-JCWE-572, Call to Thread run() instead of start()
THI05-JCWE-705, Incorrect Control Flow Scoping
TPS00-JCWE-405, Asymmetric Resource Consumption (Amplification)
TPS00-JCWE-410, Insufficient Resource Pool
TPS03-JCWE-392, Missing Report of Error Condition
FIO00-JCWE-67, Improper Handling of Windows Device Names
FIO01-JCWE-279, Incorrect Execution-Assigned Permissions
FIO01-JCWE-276, Incorrect Default Permissions
FIO01-JCWE-732, Incorrect Permission Assignment for Critical Resource
FIO03-JCWE-377, Insecure Temporary File
FIO03-JCWE-459,  Incomplete Cleanup
FIO04-JCWE-404, Improper Resource Shutdown or Release
FIO04-JCWE-405, Asymmetric Resource Consumption (Amplification)
FIO04-JCWE-459, Incomplete Cleanup
FIO04-JCWE-770, Allocation of Resources without Limits or Throttling
FIO09-JCWE-252, Unchecked Return Value
FIO10-JCWE-135, Incorrect Calculation of Multi-byte String Length
FIO12-JCWE-198, Use of Incorrect Byte Ordering
FIO13-JCWE-359, Privacy Violation
FIO13-JCWE-532, Information Exposure through Log Files
FIO13-JCWE-533, Information Exposure through Server Log Files
FIO13-JCWE-542, Information Exposure through Cleanup Log Files
FIO14-JCWE-705, Incorrect Control Flow Scoping
FIO16-JCWE-171, Cleansing, Canonicalization, and Comparison Errors
FIO16-JCWE-647, Use of Non-canonical URL Paths for Authorization Decisions
SER00-JCWE-589, Call to Non-ubiquitous API
SER01-JCWE-502, Deserialization of Untrusted Data
SER02-JCWE-319, Cleartext Transmission of Sensitive Information
SER03-JCWE-499, Serializable Class Containing Sensitive Data
SER03-JCWE-502, Deserialization of Untrusted Data
SER05-JCWE-499, Serializable Class Containing Sensitive Data
SER06-JCWE-502, Deserialization of Untrusted Data
SER07-JCWE-502, "Deserialization of Untrusted Data"
SER08-JCWE-250, Execution with Unnecessary Privileges
SER10-JCWE-400, Uncontrolled Resource Consumption (aka "Resource Exhaustion")
SER10-JCWE-770, Allocation of Resources without Limits or Throttling
SER12-JCWE-502, Deserialization of Untrusted Data
SEC00-JCWE-266, Incorrect Privilege Assignment
SEC00-JCWE-272, Least Privilege Violation
SEC01-JCWE-266, Incorrect Privilege Assignment
SEC01-JCWE-272, Least Privilege Violation
SEC01-JCWE-732, Incorrect Permission Assignment for Critical Resource
SEC02-JCWE-302, Authentication Bypass by Assumed-Immutable Data
SEC02-JCWE-470, Use of Externally-Controlled Input to Select Classes or Code ("Unsafe Reflection")
SEC06-JCWE-300, Channel Accessible by Non-endpoint (aka "Man-in-the-Middle")
SEC06-JCWE-319, Cleartext Transmission of Sensitive Information
SEC06-JCWE-347, Improper Verification of Cryptographic Signature
SEC06-JCWE-494, Download of Code without Integrity Check
ENV01-JCWE-349, Acceptance of Extraneous Untrusted Data with Trusted Data
ENV03-JCWE-732, Incorrect Permission Assignment for Critical Resource
JNI00-JCWE-111, Direct Use of Unsafe JNI
MSC00-JCWE-311, Failure to Encrypt Sensitive Data
MSC02-JCWE-327, Use of a Broken or Risky Cryptographic Algorithm
MSC02-JCWE-330, Use of Insufficiently Random Values
MSC02-JCWE-332, Insufficient Entropy in PRNG
MSC02-JCWE-336, Same Seed in PRNG
MSC02-JCWE-337, Predictable Seed in PRNG
MSC03-JCWE-259, Use of Hard-Coded Password
MSC03-JCWE-798, Use of Hard-Coded Credentials
MSC04-JCWE-401, Improper Release of Memory before Removing Last Reference ("Memory Leak")
MSC05-JCWE-400, Uncontrolled Resource Consumption ("Resource Exhaustion")
MSC05-JCWE-770, Allocation of Resources without Limits or Throttling
IDS50-JCWE-116, Improper encoding or escaping of output
SEC58-JCWE-502, Deserialization of Untrusted Data
STR51-JCWE-838. Inappropriate Encoding for Output Context
  • No labels