Environment (ENV)

Risk Assessment Summary

Rule	Severity	Likelihood	Detectable	Repairable	Priority	Level
ENV01-C	High	Likely	No	No	P9	L2
ENV02-C	Low	Unlikely	Yes	No	P2	L3
ENV03-C	High	Likely	No	No	P9	L2


DUMMY ENV03-J
ENV00-J. Do not sign code that performs only unprivileged operations
ENV01-C. Do not make assumptions about the size of an environment variable
ENV01-J. Place all security-sensitive code in a single JAR and sign and seal it
ENV02-C. Beware of multiple environment variables with the same effective name
ENV02-J. Do not trust the values of environment variables
ENV03-C. Sanitize the environment when invoking external programs
ENV03-J. Do not grant dangerous combinations of permissions
ENV04-J. Do not disable bytecode verification
ENV05-J. Do not deploy an application that can be remotely monitored
ENV06-J. Production code must not contain debugging entry points
ENV30-C. Do not modify the object referenced by the return value of certain functions
ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it
ENV32-C. All exit handlers must return normally
ENV33-C. Do not call system()
ENV34-C. Do not store pointers returned by certain functions
Rec. 10. Environment (ENV)
Rec. 10. Environment (ENV)
Rule 10. Environment (ENV)
Rule 10. Environment (ENV)
Rule 16. Runtime Environment (ENV)