Normative Guidelines

Normative Guidelines

• FIO52-J. Do not store unencrypted sensitive information on the client side
• IDS01-J. Normalize strings before validating them
• IDS50-J. Use conservative file naming conventions
• LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code
• LCK01-J. Do not synchronize on objects that may be reused
• LCK03-J. Do not synchronize on the intrinsic locks of high-level concurrency objects
• NUM53-J. Use the strictfp modifier for floating-point calculation consistency across platforms
• SEC03-J. Do not load trusted classes after allowing untrusted code to load arbitrary classes
• STR51-J. Use the charset encoder and decoder classes when more control over the encoding process is required
• VOID 2 MET06-J. Do not call overridable methods from a privileged block
• VOID 2 MET21-J. Do not invoke equals() or hashCode() on URLs
• VOID ERR51-J. Use a class dedicated to reporting exceptions
• VOID IDS03-J. Sanitize non-character code points before performing other sanitization
• void IDS12-J. Perform lossless conversion of String data between differing character encodings
• VOID IDS53-J. Account for supplementary and combining characters in globalized code
• void OBJ08-J. Do not leak references to inner class objects when the outer class object maintains sensitive data
• void SER04-J. Validate deserialized objects