Section |
Rules Supported All |
% Coverage | |
All |
118 |
121 |
97.5 |
PRE |
3 |
3 |
100.0 |
DCL |
8 |
8 |
100.0 |
EXP |
15 |
15 |
100.0 |
INT |
7 |
7 |
100.0 |
FLP |
5 |
5 |
100.0 |
ARR |
6 |
6 |
100.0 |
STR |
6 |
6 |
100.0 |
MEM |
6 |
6 |
100.0 |
FIO |
13 |
13 |
100.0 |
ENV |
5 |
5 |
100.0 |
SIG |
4 |
4 |
100.0 |
ERR |
4 |
4 |
100.0 |
CON |
13 |
13 |
100.0 |
MSC |
8 |
8 |
100.0 |
POS |
14 |
17 |
82.4 |
WIN |
1 |
1 |
100.0 |
Rule | Description |
Do not create a universal character name through concatenation. |
|
Avoid side effects in arguments to unsafe macros. |
|
Do not use preprocessor directives in invocations of function-like macros. |
|
Declare objects with appropriate storage durations. |
|
Declare identifiers before using them. |
|
Do not declare an identifier with conflicting linkage classifications. |
|
Do not declare or define a reserved identifier. |
|
Use the correct syntax when declaring a flexible array member. |
|
Avoid information leakage when passing a structure across a trust boundary. |
|
Do not create incompatible declarations of the same function or object. |
|
Do not declare variables inside a switch statement before the first case label. |
|
Do not depend on order of evaluation for side effects. |
|
Do not access a volatile object through a nonvolatile reference. |
|
Do not read uninitialized memory. |
|
Do not dereference null pointers. |
|
Do not modify objects with temporary lifetime. |
|
Do not cast pointers into more strictly aligned pointer types. |
|
Call functions with the correct number and type of arguments. |
|
Do not access a variable through a pointer of an incompatible type. |
|
Do not modify constant objects. |
|
Do not compare padding data. |
|
Avoid undefined behavior when using restrict-qualified pointers. |
|
Do not rely on side effects in operands to sizeof, _Alignof, or _Generic. |
|
Do not perform assignments in selection statements. |
|
Do not use a bitwise operator with a Boolean-like operand. |
|
Do not call va_arg with an argument of the incorrect type. |
|
Ensure that unsigned integer operations do not wrap. |
|
Ensure that integer conversions do not result in lost or misinterpreted data. |
|
Ensure that operations on signed integers do not result in overflow. |
|
Ensure that division and remainder operations do not result in divide-by-zero errors. |
|
Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand. |
|
Use correct integer precisions. |
|
Converting a pointer to integer or integer to pointer. |
|
Do not use floating-point variables as loop counters. |
|
Prevent or detect domain and range errors in math functions. |
|
Ensure that floating-point conversions are within range of the new type. |
|
Preserve precision when converting integral values to floating-point type. |
|
Do not use object representations to compare floating-point values. |
|
Do not form or use out of bounds pointers or array subscripts. |
|
Ensure size arguments for variable length arrays are in a valid range. |
|
Do not subtract or compare two pointers that do not refer to the same array. |
|
Do not add or subtract an integer to a pointer to a non-array object. |
|
Guarantee that library functions do not form invalid pointers. |
|
Do not add or subtract a scaled integer to a pointer. |
|
Do not attempt to modify string literals. |
|
Guarantee that storage for strings has sufficient space for character data and the null terminator. |
|
Do not pass a non-null-terminated character sequence to a library function that expects a string. |
|
Cast characters to unsigned char before converting to larger integer sizes. |
|
Arguments to character-handling functions must be representable as an unsigned char. |
|
Do not confuse narrow and wide character strings and functions. |
|
Do not access freed memory. |
|
Free dynamically allocated memory when no longer needed. |
|
Allocate and copy structures containing a flexible array member dynamically. |
|
Only free memory allocated dynamically. |
|
Allocate sufficient memory for an object. |
|
Do not modify the alignment of objects by calling realloc(). |
|
Exclude user input from format strings. |
|
Do not perform operations on devices that are only appropriate for files. |
|
Distinguish between characters read from a file and EOF or WEOF. |
|
Do not assume that fgets() or fgetws() returns a nonempty string when successful. |
|
Do not copy a FILE object. |
|
Do not alternately input and output from a stream without an intervening flush or positioning call. |
|
Reset strings on fgets() or fgetws() failure. |
|
Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects. |
|
Close files when they are no longer needed. |
|
Only use values for fsetpos() that are returned from fgetpos(). |
|
Avoid TOCTOU race conditions while accessing files. |
|
Do not access a closed file. |
|
Use valid format strings. |
|
Do not modify the object referenced by the return value of certain functions. |
|
Do not rely on an environment pointer following an operation that may invalidate it. |
|
All exit handlers must return normally. |
|
Do not call system(). |
|
Do not store pointers returned by certain functions. |
|
Call only asynchronous-safe functions within signal handlers. |
|
Do not access shared objects in signal handlers. |
|
Do not call signal() from within interruptible signal handlers. |
|
Do not return from a computational exception signal handler. |
|
Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure. |
|
Do not rely on indeterminate values of errno. |
|
Detect and handle standard library errors. |
|
Detect errors when converting a string to a number. |
|
Clean up thread-specific storage. |
|
Do not destroy a mutex while it is locked. |
|
Prevent data races when accessing bit-fields from multiple threads. |
|
Avoid race conditions when using library functions. |
|
Declare objects shared between threads with appropriate storage durations. |
|
Avoid deadlock by locking in predefined order. |
|
Wrap functions that can spuriously wake up in a loop. |
|
Do not call signal() in a multithreaded program. |
|
Preserve thread safety and liveness when using condition variables. |
|
Do not join or detach a thread that was previously joined or detached. |
|
Do not refer to an atomic variable twice in an expression. |
|
Wrap functions that can fail spuriously in a loop. |
|
Do not allow data races in multithreaded code. |
|
Do not use the rand() function for generating pseudorandom numbers. |
|
Properly seed pseudorandom number generators. |
|
Do not pass invalid data to the asctime() function. |
|
Ensure that control never reaches the end of a non-void function. |
|
Do not treat a predefined identifier as an object if it might only be implemented as a macro. |
|
Do not call va_arg() on a va_list that has an indeterminate value. |
|
Do not violate constraints. |
|
Never hard code sensitive information. |
|
Use the readlink() function properly. |
|
Do not use vfork(). |
|
Do not call putenv() with a pointer to an automatic variable as the argument. |
|
Avoid race conditions while checking for the existence of a symbolic link. |
|
Observe correct revocation order while relinquishing privileges. |
|
Ensure that privilege relinquishment is successful. |
|
Beware of race conditions when using fork and file descriptors. |
|
Use the correct byte ordering when transferring data between systems. |
|
Do not use signals to terminate threads. |
|
Do not use threads that can be canceled asynchronously. |
|
When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed. |
|
Declare objects shared between POSIX threads with appropriate storage durations. |
|
Do not perform operations that can block while holding a POSIX lock. |
|
Detect and handle POSIX library errors. |
|
Properly pair allocation and deallocation functions. |
Section |
Rules Supported All |
% Coverage | |
All |
83 |
83 |
100.0 |
DCL |
11 |
11 |
100.0 |
EXP |
14 |
14 |
100.0 |
INT |
1 |
1 |
100.0 |
CTR |
9 |
9 |
100.0 |
STR |
4 |
4 |
100.0 |
MEM |
8 |
8 |
100.0 |
FIO |
2 |
2 |
100.0 |
ERR |
13 |
13 |
100.0 |
OOP |
9 |
9 |
100.0 |
CON |
7 |
7 |
100.0 |
MSC |
5 |
5 |
100.0 |
Rule | Description |
Do not define a C-style variadic function. |
|
Do not declare or define a reserved identifier. |
|
Never qualify a reference type with const or volatile. |
|
Do not write syntactically ambiguous declarations. |
|
Overload allocation and deallocation functions as a pair in the same scope. |
|
Avoid information leakage when passing a class object across a trust boundary. |
|
Avoid cycles during initialization of static objects. |
|
Do not let exceptions escape from destructors or deallocation functions. |
|
Do not modify the standard namespaces. |
|
Do not define an unnamed namespace in a header file. |
|
Obey the one-definition rule. |
|
Do not depend on the order of evaluation for side effects. |
|
Do not delete an array through a pointer of the incorrect type. |
|
Do not rely on side effects in unevaluated operands. |
|
Do not read uninitialized memory. |
|
Do not access an object outside of its lifetime. |
|
Do not access a cv-qualified object through a cv-unqualified type. |
|
Do not call a function with a mismatched language linkage. |
|
Do not cast or delete pointers to incomplete classes. |
|
Pass an object of the correct type to va_start. |
|
Use offsetof() on valid types and members. |
|
Do not pass a nonstandard-layout type object across execution boundaries. |
|
A lambda object must not outlive any of its reference captured objects. |
|
Do not access the bits of an object representation that are not part of the object's value representation. |
|
Do not rely on the value of a moved-from object. |
|
Do not cast to an out-of-range enumeration value. |
|
Guarantee that container indices and iterators are within the valid range. |
|
Use valid references, pointers, and iterators to reference elements of a container. |
|
Guarantee that library functions do not overflow. |
|
Use valid iterator ranges. |
|
Do not subtract iterators that do not refer to the same container. |
|
Do not use an additive operator on an iterator if the result would overflow. |
|
Do not use pointer arithmetic on polymorphic objects. |
|
Provide a valid ordering predicate. |
|
Predicate function objects should not be mutable. |
|
Guarantee that storage for strings has sufficient space for character data and the null terminator. |
|
Do not attempt to create a std::string from a null pointer. |
|
Use valid references, pointers, and iterators to reference elements of a basic_string. |
|
Range check element access. |
|
Do not access freed memory. |
|
Properly deallocate dynamically allocated resources. |
|
Detect and handle memory allocation errors. |
|
Explicitly construct and destruct objects when manually managing object lifetime. |
|
Provide placement new with properly aligned pointers to sufficient storage capacity. |
|
Honor replacement dynamic storage management requirements. |
|
Do not store an already-owned pointer value in an unrelated smart pointer. |
|
Avoid using default operator new for over-aligned types. |
|
Do not alternately input and output from a file stream without an intervening positioning call. |
|
Close files when they are no longer needed. |
|
Do not abruptly terminate the program. |
|
Handle all exceptions. |
|
Do not use setjmp() or longjmp(). |
|
Do not reference base classes or class data members in a constructor or destructor function-try-block handler. |
|
Catch handlers should order their parameter types from most derived to least derived. |
|
Honor exception specifications. |
|
Guarantee exception safety. |
|
Do not leak resources when handling exceptions. |
|
Handle all exceptions thrown before main() begins executing. |
|
Do not throw an exception across execution boundaries. |
|
Exception objects must be nothrow copy constructible. |
|
Catch exceptions by lvalue reference. |
|
Detect errors when converting a string to a number. |
|
Do not invoke virtual functions from constructors or destructors. |
|
Do not slice derived objects. |
|
Do not delete a polymorphic object without a virtual destructor. |
|
Write constructor member initializers in the canonical order. |
|
Gracefully handle self-copy assignment. |
|
Do not use pointer-to-member operators to access nonexistent members. |
|
Honor replacement handler requirements. |
|
Prefer special member functions and overloaded operators to C Standard Library functions. |
|
Copy operations must not mutate the source object. |
|
Do not destroy a mutex while it is locked. |
|
Ensure actively held locks are released on exceptional conditions. |
|
Prevent data races when accessing fields from multiple threads. |
|
Avoid deadlocks by locking in a predefined order. |
|
Wrap functions that can spuriously wake up in a loop. |
|
Preserve thread safety and liveness when using condition variables. |
|
Do not speculatively lock a non-recursive mutex that is already owned by the calling thread. |
|
Do not use std::rand() for generating pseudorandom numbers. |
|
Ensure your random number generator is properly seeded. |
|
Value-returning functions must return a value from all exit paths. |
|
MSC53-CPP |
Do not return from a function declared [[noreturn]]. |
A signal handler must be a plain old function. |
Section |
Recommendations Supported All |
% Coverage | |
All |
103 |
191 |
53.9 |
PRE |
7 |
14 |
50.0 |
DCL |
14 |
23 |
60.9 |
EXP |
11 |
16 |
68.8 |
INT |
12 |
16 |
75.0 |
FLP |
4 |
8 |
50.0 |
ARR |
3 |
3 |
100.0 |
STR |
6 |
12 |
50.0 |
MEM |
10 |
17 |
58.8 |
FIO |
7 |
20 |
35.0 |
ENV |
1 |
3 |
33.3 |
SIG |
2 |
3 |
66.7 |
ERR |
2 |
8 |
25.0 |
API |
4 |
9 |
44.4 |
CON |
2 |
8 |
25.0 |
MSC |
12 |
22 |
54.5 |
POS |
3 |
4 |
75.0 |
WIN |
3 |
5 |
60.0 |
Rule | Description |
Prefer inline or static functions to function-like macros. |
|
Enclose header files in an include guard. |
|
Avoid using repeated question marks. |
|
Do not replace secure functions with deprecated or obsolescent functions. |
|
Wrap multistatement macros in a do-while loop. |
|
Do not conclude macro definitions with a semicolon. |
|
Do not define unsafe macros. |
|
Do not reuse variable names in subscopes. |
|
Use visually distinct identifiers. |
|
Use meaningful symbolic constants to represent literal values. |
|
Include the appropriate type information in function declarators. |
|
Maintain the contract between the writer and caller of variadic functions. |
|
Understand the type issues associated with variadic functions. |
|
Implement abstract data types using opaque types. |
|
Declare function parameters that are pointers to values not changed by the function as const. |
|
Declare file-scope objects or functions that do not need external linkage as static. |
|
Use "L," not "l," to indicate a long value. |
|
Do not begin integer constants with 0 when specifying a decimal value. |
|
Minimize the scope of variables and functions. |
|
Use volatile for data that cannot be cached. |
|
Guarantee that mutually visible identifiers are unique. |
|
Use parentheses for precedence of operation. |
|
Do not cast away a const qualification. |
|
Ensure pointer arithmetic is used correctly. |
|
Use sizeof to determine the size of a type or variable. |
|
Do not depend on the order of evaluation of subexpressions or the order in which side effects take place. |
|
Do not ignore values returned by functions. |
|
Treat relational and equality operators as if they were nonassociative. |
|
Do not place a semicolon on the same line as an if, for, or while statement. |
|
Do not compare function pointers to constant values. |
|
Use braces for the body of an if, for, or while statement. |
|
Perform explicit tests to determine success, true and false, and equality. |
|
Understand the data model used by your implementation(s). |
|
Understand integer conversion rules. |
|
Enforce limits on integer values originating from tainted sources. |
|
Use only explicitly signed or unsigned char type for numeric values. |
|
Verify that all integer values are in range. |
|
Ensure enumeration constants map to unique values. |
|
Do not assume a positive remainder when using the % operator. |
|
Do not make assumptions about the type of a plain int bit-field when used in an expression. |
|
Use bitwise operators only on unsigned operands. |
|
Avoid performing bitwise and arithmetic operations on the same data. |
|
Define integer constants in an implementation-independent manner. |
|
Evaluate integer expressions in a larger size before comparing or assigning to that size. |
|
Understand the limitations of floating-point numbers. |
|
Avoid using floating-point numbers when precise computation is needed. |
|
Detect and handle floating-point errors. |
|
Convert integers to floating point for floating-point operations. |
|
Understand how arrays work. |
|
Do not apply the sizeof operator to a pointer when taking the size of an array. |
|
Explicitly specify array bounds, even if implicitly defined by an initializer. |
|
Represent characters using an appropriate type. |
|
Sanitize data passed to complex subsystems. |
|
Do not inadvertently truncate a string. |
|
Do not assume that strtok() leaves the parse string unchanged. |
|
Use the bounds-checking interfaces for string manipulation. |
|
Do not specify the bound of a character array initialized with a string literal. |
|
Allocate and free memory in the same module, at the same level of abstraction. |
|
Store a new value in pointers immediately after free(). |
|
Immediately cast the result of a memory allocation function call into a pointer to the allocated type. |
|
Clear sensitive information stored in reusable resources. |
|
Beware of zero-length allocations. |
|
Avoid large stack allocations. |
|
Ensure that sensitive data is not written out to disk. |
|
Ensure that the arguments to calloc(), when multiplied, do not wrap. |
|
Do not assume infinite heap space. |
|
Consider using a goto chain when leaving a function on error when using and releasing resources. |
|
Be careful using functions that use file names for identification. |
|
Canonicalize path names originating from tainted sources. |
|
Create files with appropriate access permissions. |
|
Take care when specifying the mode parameter of fopen(). |
|
Avoid unintentional truncation when using fgets() or fgetws(). |
|
Do not create temporary files in shared directories. |
|
Do not open a file that is already open. |
|
Do not make assumptions about the size of an environment variable. |
|
Mask signals handled by noninterruptible signal handlers. |
|
Avoid using signals to implement normal functionality. |
|
Adopt and implement a consistent and comprehensive error-handling policy. |
|
Prefer functions that support error checking over equivalent functions that don't. |
|
Functions that read or write to or from an array should take an argument to specify the source or target size. |
|
Provide a consistent and usable error-checking mechanism. |
|
Use conformant array parameters. |
|
Compatible values should have the same type. |
|
Acquire and release synchronization primitives in the same module, at the same level of abstraction. |
|
Do not perform operations that can block while holding a lock. |
|
Compile cleanly at high warning levels. |
|
Strive for logical completeness. |
|
Use comments consistently and in a readable fashion. |
|
Detect and remove code that has no effect or is never executed. |
|
Detect and remove unused values. |
|
Do not depend on undefined behavior. |
|
Finish every set of statements associated with a case label with a break statement. |
|
Be careful while handling sensitive data, such as passwords, in program code. |
|
Do not use a switch statement to transfer control into a complex block. |
|
Use robust loop termination conditions. |
|
Use the setjmp(), longjmp() facility securely. |
|
Do not use deprecated or obsolescent functions. |
|
Check for the existence of links when dealing with files. |
|
Follow the principle of least privilege. |
|
Limit access to files by creating a jail. |
|
Be specific when dynamically loading libraries. |
|
Do not forcibly terminate execution. |
|
Restrict privileges when spawning child processes. |
Section |
Rules Supported All |
% Coverage | |
All |
153 |
199 |
76.9 |
IDS |
11 |
11 |
100.0 |
DCL |
3 |
3 |
100.0 |
EXP |
6 |
7 |
85.7 |
NUM |
13 |
13 |
100.0 |
STR |
5 |
5 |
100.0 |
OBJ |
10 |
13 |
76.9 |
MET |
12 |
14 |
85.7 |
ERR |
10 |
10 |
100.0 |
VNA |
6 |
6 |
100.0 |
LCK |
12 |
12 |
100.0 |
THI |
6 |
6 |
100.0 |
TPS |
5 |
5 |
100.0 |
TSM |
4 |
4 |
100.0 |
FIO |
16 |
15 |
100.0 |
SER |
12 |
13 |
92.3 |
SEC |
8 |
8 |
100.0 |
ENV |
3 |
7 |
42.9 |
JNI |
2 |
5 |
40.0 |
MSC |
9 |
12 |
75.0 |
DRD |
0 |
30 |
0.0 |
Rule | Description |
Prevent SQL injection. |
|
Normalize strings before validating them. |
|
Do not log unsanitized user input. |
|
Safely extract files from ZipInputStream. |
|
Exclude unsanitized user input from format strings. |
|
Sanitize untrusted data passed to the Runtime.exec() method. |
|
Sanitize untrusted data included in a regular expression. |
|
Perform any string modifications before validation. |
|
Do not trust the contents of hidden form fields. |
|
Prevent XML Injection. |
|
Prevent XML External Entity Attacks. |
|
Prevent class initialization cycles. |
|
Do not reuse public identifiers from the Java Standard Library. |
|
Do not modify the collection's elements during an enhanced for statement. |
|
Do not ignore values returned by methods. |
|
Do not use a null in a case where an object is required. |
|
Do not use the Object.equals() method to compare two arrays. |
|
Do not use the equality operators when comparing values of boxed primitives. |
|
Do not follow a write by a subsequent write or read of the same object within an expression. |
|
Expressions used in assertions must not produce side effects. |
|
Detect or prevent integer overflow. |
|
Do not perform bitwise and arithmetic operations on the same data. |
|
Ensure that division and remainder operations do not result in divide-by-zero errors. |
|
Use integer types that can fully represent the possible range of unsigned data. |
|
Do not use floating-point numbers if precise computation is required. |
|
Do not attempt comparisons with NaN. |
|
Check floating-point inputs for exceptional values. |
|
Do not use floating-point variables as loop counters. |
|
Do not construct BigDecimal objects from floating-point literals. |
|
Do not compare or inspect the string representation of floating-point values. |
|
Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data. |
|
Avoid loss of precision when converting primitive integers to floating-point. |
|
Use shift operators correctly. |
|
Don't form strings containing partial characters from variable-width encodings. |
|
Do not assume that a Java char fully represents a Unicode code point. |
|
Specify an appropriate locale when comparing locale-dependent data. |
|
Do not encode noncharacter data as a string. |
|
Use compatible character encodings when communicating string data between JVMs. |
|
Limit accessibility of fields. |
|
Provide mutable classes with copy functionality to safely allow passing instances to untrusted code. |
|
Do not return references to private mutable class members. |
|
Defensively copy mutable inputs and mutable internal components. |
|
Sensitive classes must not let themselves be copied. |
|
Do not expose private members of an outer class from within a nested class. |
|
Compare classes and not class names. |
|
Do not use public static nonfinal fields. |
|
Be wary of letting constructors throw exceptions. |
|
Ensure that references to mutable objects are not exposed. |
|
Validate method arguments. |
|
Never use assertions to validate method arguments. |
|
Do not use deprecated or obsolete classes or methods. |
|
Methods that perform a security check must be declared private or final. |
|
Do not increase the accessibility of overridden or hidden methods. |
|
Ensure that constructors do not call overridable methods. |
|
Do not invoke overridable methods in clone(). |
|
Never declare a class method that hides a method declared in a superclass or superinterface. |
|
Preserve the equality contract when overriding the equals() method. |
|
Classes that define an equals() method must also define a hashCode() method. |
|
Ensure that keys used in comparison operations are immutable. |
|
Do not use finalizers. |
|
Do not suppress or ignore checked exceptions. |
|
Do not allow exceptions to expose sensitive information. |
|
Prevent exceptions while logging data. |
|
Restore prior object state on method failure. |
|
Do not complete abruptly from a finally block. |
|
Do not let checked exceptions escape from a finally block. |
|
Do not throw undeclared checked exceptions. |
|
Do not throw RuntimeException, Exception, or Throwable. |
|
Do not catch NullPointerException or any of its ancestors. |
|
Do not allow untrusted code to terminate the JVM. |
|
Ensure visibility when accessing shared primitive variables. |
|
Ensure visibility of shared references to immutable objects. |
|
Ensure that compound operations on shared variables are atomic. |
|
Do not assume that a group of calls to independently atomic methods is atomic. |
|
Ensure that calls to chained methods are atomic. |
|
Ensure atomicity when reading and writing 64-bit values. |
|
Use private final lock objects to synchronize classes that may interact with untrusted code. |
|
Do not synchronize on objects that may be reused. |
|
Do not synchronize on the class object returned by getClass(). |
|
Do not synchronize on the intrinsic locks of high-level concurrency objects. |
|
Do not synchronize on a collection view if the backing collection is accessible. |
|
Synchronize access to static fields that can be modified by untrusted code. |
|
Do not use an instance lock to protect shared static data. |
|
Avoid deadlock by requesting and releasing locks in the same order. |
|
Ensure actively held locks are released on exceptional conditions. |
|
Do not perform operations that can block while holding a lock. |
|
Use a correct form of the double-checked locking idiom. |
|
Avoid client-side locking when using classes that do not commit to their locking strategy. |
|
Do not invoke Thread.run(). |
|
Do not invoke ThreadGroup methods. |
|
Notify all waiting threads rather than a single thread. |
|
Always invoke wait() and await() methods inside a loop. |
|
Ensure that threads performing blocking operations can be terminated. |
|
Do not use Thread.stop() to terminate threads. |
|
Use thread pools to enable graceful degradation of service during traffic bursts. |
|
Do not execute interdependent tasks in a bounded thread pool. |
|
Ensure that tasks submitted to a thread pool are interruptible. |
|
Ensure that tasks executing in a thread pool do not fail silently. |
|
Ensure ThreadLocal variables are reinitialized when using thread pools. |
|
Do not override thread-safe methods with methods that are not thread-safe. |
|
Do not let the this reference escape during object construction. |
|
Do not use background threads during class initialization. |
|
Do not publish partially initialized objects. |
|
Do not operate on files in shared directories. |
|
Create files with appropriate access permissions. |
|
Detect and handle file-related errors. |
|
Remove temporary files before termination. |
|
Release resources when they are no longer needed. |
|
Do not expose buffers or their backing arrays methods to untrusted code. |
|
Do not create multiple buffered wrappers on a single byte or character stream. |
|
Do not let external processes block on IO buffers. |
|
Distinguish between characters or bytes read from a stream and -1. |
|
Do not rely on the write() method to output integers outside the range 0 to 255. |
|
Ensure the array is filled when using read() to fill an array. |
|
Provide methods to read and write little-endian data. |
|
Do not log sensitive information outside a trust boundary. |
|
Perform proper cleanup at program termination. |
|
Do not reset a servlet's output stream after committing it. |
|
Canonicalize path names before validating them. |
|
Enable serialization compatibility during class evolution. |
|
Do not deviate from the proper signatures of serialization methods. |
|
Sign then seal objects before sending them outside a trust boundary. |
|
Do not allow serialization and deserialization to bypass the security manager. |
|
Do not serialize instances of inner classes. |
|
Make defensive copies of private mutable components during deserialization. |
|
Do not use the default serialized form for classes with implementation-defined invariants. |
|
Minimize privileges before deserializing from a privileged context. |
|
Do not invoke overridable methods from the readObject() method. |
|
Avoid memory and resource leaks during serialization. |
|
Prevent overwriting of externalizable objects. |
|
Prevent deserialization of untrusted data. |
|
Do not allow privileged blocks to leak sensitive information across a trust boundary. |
|
Do not allow tainted variables in privileged blocks. |
|
Do not base security checks on untrusted sources. |
|
Do not load trusted classes after allowing untrusted code to load arbitrary classes. |
|
Protect sensitive operations with security manager checks. |
|
Do not use reflection to increase accessibility of classes, methods, or fields. |
|
Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar. |
|
Call the superclass's getPermissions() method when writing a custom class loader. |
|
Do not trust the values of environment variables. |
|
Do not grant dangerous combinations of permissions. |
|
Production code must not contain debugging entry points. |
|
Define wrappers around native methods. |
|
Safely invoke standard APIs that perform tasks using the immediate caller's class loader instance (loadLibrary). |
|
Use SSLSocket rather than Socket for secure data exchange. |
|
Do not use an empty infinite loop. |
|
Generate strong random numbers. |
|
Never hard code sensitive information. |
|
Do not leak memory. |
|
Do not exhaust heap space. |
|
Do not modify the underlying collection when an iteration is in progress. |
|
Prevent multiple instantiations of singleton objects. |
|
Do not let session information leak within a servlet. |