[{"data":1,"prerenderedAt":3777},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec52-j":28,"surround-\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec52-j":2199,"sidebar-sei-cert-oracle-coding-standard-for-java":2206},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":41,"extension":2181,"meta":2182,"navigation":7,"path":2195,"seo":2196,"stem":2197,"__hash__":2198},"content\u002F6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F04.sec52-j.md","SEC52-J. Do not expose methods that use reduced-security checks to untrusted code",{"type":32,"value":33,"toc":2169},"minimark",[34,38,42,45,123,141,145,148,151,250,260,263,266,274,288,293,304,422,428,434,438,455,532,535,542,600,611,614,617,688,692,707,714,729,859,866,1135,1145,1342,1356,1360,1374,1555,1559,1578,1854,1864,1868,1874,1961,1965,1968,1975,2015,2018,2022,2140,2143,2165],[35,36,30],"h1",{"id":37},"sec52-j-do-not-expose-methods-that-use-reduced-security-checks-to-untrusted-code",[39,40,41],"p",{},"Most methods lack security manager checks because they do not provide access to sensitive parts of the system, such as the file system. Most methods that do provide security manager checks verify that every class and method in the call stack is authorized before they proceed. This security model allows restricted programs, such as Java applets, to have full access to the core Java library. It also prevents a sensitive method from acting on behalf of a malicious method that hides behind trusted methods in the call stack.",[39,43,44],{},"However, certain methods use a reduced-security check that checks only that the calling method is authorized rather than checking every method in the call stack. Any code that invokes these methods must guarantee that they cannot be invoked on behalf of untrusted code. These methods are listed in the following table.",[46,47,48,57],"table",{},[49,50,51],"thead",{},[52,53,54],"tr",{},[55,56],"th",{},[58,59,60,66,74,81,88,95,102,109,116],"tbody",{},[52,61,62],{},[63,64,65],"td",{},"Methods That Check the Calling Method Only",[52,67,68],{},[63,69,70],{},[71,72,73],"code",{},"java.lang.Class.newInstance",[52,75,76],{},[63,77,78],{},[71,79,80],{},"java.lang.reflect.Constructor.newInstance",[52,82,83],{},[63,84,85],{},[71,86,87],{},"java.lang.reflect.Field.get*",[52,89,90],{},[63,91,92],{},[71,93,94],{},"java.lang.reflect.Field.set*",[52,96,97],{},[63,98,99],{},[71,100,101],{},"java.lang.reflect.Method.invoke",[52,103,104],{},[63,105,106],{},[71,107,108],{},"java.util.concurrent.atomic.AtomicIntegerFieldUpdater.newUpdater",[52,110,111],{},[63,112,113],{},[71,114,115],{},"java.util.concurrent.atomic.AtomicLongFieldUpdater.newUpdater",[52,117,118],{},[63,119,120],{},[71,121,122],{},"java.util.concurrent.atomic.AtomicReferenceFieldUpdater.newUpdater",[39,124,125,126,129,130,133,134,129,137,140],{},"Because the ",[71,127,128],{},"java.lang.reflect.Field.setAccessible()"," and ",[71,131,132],{},"getAccessible()"," methods are used to instruct the Java Virtual Machine (JVM) to override the language access checks, they perform standard (and more restrictive) security manager checks and consequently lack the vulnerability described by this guideline. Nevertheless, these methods should also be used with extreme caution. The remaining ",[71,135,136],{},"set*",[71,138,139],{},"get*"," field reflection methods perform only the language access checks and are consequently vulnerable.",[35,142,144],{"id":143},"class-loaders","Class Loaders",[39,146,147],{},"Class loaders allow a Java application to be dynamically extended at runtime by loading additional classes. For each class that is loaded, the JVM tracks the class loader that was used to load the class. When a loaded class first refers to another class, the virtual machine requests that the referenced class be loaded by the same class loader that was used to load the referencing class. Java's class loader architecture controls interaction between code loaded from different sources by allowing the use of different class loaders. This separation of class loaders is fundamental to the separation of code: it prevents malicious code from gaining access to and subverting trusted code.",[39,149,150],{},"Several methods that are charged with loading classes delegate their work to the class loader of the class of the method that called them. The security checks associated with loading classes are performed by class loaders. Consequently, any method that invokes one of these class loading methods must guarantee that these methods cannot act on behalf of untrusted code. These methods are listed in the following table.",[46,152,153,159],{},[49,154,155],{},[52,156,157],{},[55,158],{},[58,160,161,166,173,180,187,194,201,208,215,222,229,236,243],{},[52,162,163],{},[63,164,165],{},"Methods That Use the Calling Method's Class Loader",[52,167,168],{},[63,169,170],{},[71,171,172],{},"java.lang.Class.forName",[52,174,175],{},[63,176,177],{},[71,178,179],{},"java.lang.Package.getPackage",[52,181,182],{},[63,183,184],{},[71,185,186],{},"java.lang.Package.getPackages",[52,188,189],{},[63,190,191],{},[71,192,193],{},"java.lang.Runtime.load",[52,195,196],{},[63,197,198],{},[71,199,200],{},"java.lang.Runtime.loadLibrary",[52,202,203],{},[63,204,205],{},[71,206,207],{},"java.lang.System.load",[52,209,210],{},[63,211,212],{},[71,213,214],{},"java.lang.System.loadLibrary",[52,216,217],{},[63,218,219],{},[71,220,221],{},"java.sql.DriverManager.getConnection",[52,223,224],{},[63,225,226],{},[71,227,228],{},"java.sql.DriverManager.getDriver",[52,230,231],{},[63,232,233],{},[71,234,235],{},"java.sql.DriverManager.getDrivers",[52,237,238],{},[63,239,240],{},[71,241,242],{},"java.sql.DriverManager.deregisterDriver",[52,244,245],{},[63,246,247],{},[71,248,249],{},"java.util.ResourceBundle.getBundle",[39,251,252,253,129,256,259],{},"With the exception of the ",[71,254,255],{},"loadLibrary()",[71,257,258],{},"load()"," methods, the tabulated methods do not perform any security manager checks; they delegate security checks to the appropriate class loader.",[39,261,262],{},"In practice, the trusted code's class loader frequently allows these methods to be invoked, whereas the untrusted code's class loader may lack these privileges. However, when the untrusted code's class loader delegates to the trusted code's class loader, the untrusted code gains visibility to the trusted code. In the absence of such a delegation relationship, the class loaders would ensure namespace separation; consequently, the untrusted code would be unable to observe members or to invoke methods belonging to the trusted code.",[39,264,265],{},"The class loader delegation model is fundamental to many Java implementations and frameworks. Avoid exposing the methods listed in the preceding tables to untrusted code. Consider, for example, an attack scenario where untrusted code is attempting to load a privileged class. If its class loader lacks permission to load the requested privileged class on its own, but the class loader is permitted to delegate the class loading to a trusted class's class loader, privilege escalation can occur. Furthermore, if the trusted code accepts tainted inputs, the trusted code's class loader could be persuaded to load privileged, malicious classes on behalf of the untrusted code.",[39,267,268,269,129,271,273],{},"Classes that have the same defining class loader will exist in the same namespace, but they can have different privileges depending on the security policy. Security vulnerabilities can arise when privileged code coexists with unprivileged code (or less privileged code) that was loaded by the same class loader. In this case, the less privileged code can freely access members of the privileged code according to the privileged code's declared accessibility. When the privileged code uses any of the tabulated APIs, it bypasses security manager checks (with the exception of ",[71,270,255],{},[71,272,258],{}," ).",[39,275,276,277,282,283,287],{},"This guideline is similar to ",[278,279,281],"a",{"href":280},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec03-j","SEC03-J. Do not load trusted classes after allowing untrusted code to load arbitrary classes"," . Many examples also violate ",[278,284,286],{"href":285},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec00-j","SEC00-J. Do not allow privileged blocks to leak sensitive information across a trust boundary"," .",[289,290,292],"h2",{"id":291},"noncompliant-code-example","Noncompliant Code Example",[39,294,295,296,299,300,303],{},"In this noncompliant code example, a call to ",[71,297,298],{},"System.loadLibrary()"," is embedded in a ",[71,301,302],{},"doPrivileged"," block.",[305,306,308],"code-block",{"quality":307},"bad",[309,310,315],"pre",{"className":311,"code":312,"language":313,"meta":314,"style":314},"language-java shiki shiki-themes github-light github-dark monokai","public void load(String libName) {\n  AccessController.doPrivileged(new PrivilegedAction() {\n    public Object run() { \n      System.loadLibrary(libName);\n      return null; \n    }\n  });\n}\n","java","",[71,316,317,345,364,379,391,404,410,416],{"__ignoreMap":314},[318,319,322,326,330,334,338,342],"span",{"class":320,"line":321},"line",1,[318,323,325],{"class":324},"sC2Qs","public",[318,327,329],{"class":328},"sq6CD"," void",[318,331,333],{"class":332},"srTi1"," load",[318,335,337],{"class":336},"sMOD_","(",[318,339,341],{"class":340},"sk8M1","String",[318,343,344],{"class":336}," libName) {\n",[318,346,348,351,353,355,358,361],{"class":320,"line":347},2,[318,349,350],{"class":336},"  AccessController.",[318,352,302],{"class":332},[318,354,337],{"class":336},[318,356,357],{"class":324},"new",[318,359,360],{"class":332}," PrivilegedAction",[318,362,363],{"class":336},"() {\n",[318,365,367,370,373,376],{"class":320,"line":366},3,[318,368,369],{"class":324},"    public",[318,371,372],{"class":340}," Object",[318,374,375],{"class":332}," run",[318,377,378],{"class":336},"() { \n",[318,380,382,385,388],{"class":320,"line":381},4,[318,383,384],{"class":336},"      System.",[318,386,387],{"class":332},"loadLibrary",[318,389,390],{"class":336},"(libName);\n",[318,392,394,397,401],{"class":320,"line":393},5,[318,395,396],{"class":324},"      return",[318,398,400],{"class":399},"s7F3e"," null",[318,402,403],{"class":336},"; \n",[318,405,407],{"class":320,"line":406},6,[318,408,409],{"class":336},"    }\n",[318,411,413],{"class":320,"line":412},7,[318,414,415],{"class":336},"  });\n",[318,417,419],{"class":320,"line":418},8,[318,420,421],{"class":336},"}\n",[39,423,424,425,427],{},"This code is insecure because it could load a library on behalf of untrusted code. In essence, the untrusted code's class loader may be able to use this code to load a library even though it lacks sufficient permissions to do so directly. After loading the library, the untrusted code can call native methods from the library, if those methods are accessible, because the ",[71,426,302],{}," block stops any security manager checks from being applied to callers further up the execution stack.",[39,429,430,431,433],{},"Nonnative library code can also be susceptible to related security flaws. Suppose there exists a library that contains a vulnerability that is not directly exposed, perhaps because it lies in an unused method. Loading this library may not directly expose a vulnerability. However, an attacker could then load an additional library that exploits the first library's vulnerability. Moreover, nonnative libraries often use ",[71,432,302],{}," blocks, making them attractive targets.",[289,435,437],{"id":436},"compliant-solution","Compliant Solution",[39,439,440,441,443,444,446,447,450,451,454],{},"This compliant solution hard codes the name of the library to prevent the possibility of tainted values. It also reduces the accessibility of the ",[71,442,258],{}," method from ",[71,445,325],{}," to ",[71,448,449],{},"private"," . Consequently, untrusted callers are prohibited from loading the ",[71,452,453],{},"awt"," library.",[305,456,458],{"quality":457},"good",[309,459,461],{"className":311,"code":460,"language":313,"meta":314,"style":314},"private void load() {\n  AccessController.doPrivileged(new PrivilegedAction() {\n    public Object run() { \n      System.loadLibrary(\"awt\");\n      return null; \n    }\n  });\n}\n",[71,462,463,473,487,497,512,520,524,528],{"__ignoreMap":314},[318,464,465,467,469,471],{"class":320,"line":321},[318,466,449],{"class":324},[318,468,329],{"class":328},[318,470,333],{"class":332},[318,472,363],{"class":336},[318,474,475,477,479,481,483,485],{"class":320,"line":347},[318,476,350],{"class":336},[318,478,302],{"class":332},[318,480,337],{"class":336},[318,482,357],{"class":324},[318,484,360],{"class":332},[318,486,363],{"class":336},[318,488,489,491,493,495],{"class":320,"line":366},[318,490,369],{"class":324},[318,492,372],{"class":340},[318,494,375],{"class":332},[318,496,378],{"class":336},[318,498,499,501,503,505,509],{"class":320,"line":381},[318,500,384],{"class":336},[318,502,387],{"class":332},[318,504,337],{"class":336},[318,506,508],{"class":507},"sstjo","\"awt\"",[318,510,511],{"class":336},");\n",[318,513,514,516,518],{"class":320,"line":393},[318,515,396],{"class":324},[318,517,400],{"class":399},[318,519,403],{"class":336},[318,521,522],{"class":320,"line":406},[318,523,409],{"class":336},[318,525,526],{"class":320,"line":412},[318,527,415],{"class":336},[318,529,530],{"class":320,"line":418},[318,531,421],{"class":336},[289,533,292],{"id":534},"noncompliant-code-example-1",[39,536,537,538,541],{},"This noncompliant code example returns an instance of ",[71,539,540],{},"java.sql.Connection"," from trusted to untrusted code.",[305,543,544],{"quality":307},[309,545,547],{"className":311,"code":546,"language":313,"meta":314,"style":314},"public Connection getConnection(String url, String username, String password) {\n  \u002F\u002F ...\n  return DriverManager.getConnection(url, username, password);\n}\n",[71,548,549,576,582,596],{"__ignoreMap":314},[318,550,551,553,556,559,561,563,566,568,571,573],{"class":320,"line":321},[318,552,325],{"class":324},[318,554,555],{"class":340}," Connection",[318,557,558],{"class":332}," getConnection",[318,560,337],{"class":336},[318,562,341],{"class":340},[318,564,565],{"class":336}," url, ",[318,567,341],{"class":340},[318,569,570],{"class":336}," username, ",[318,572,341],{"class":340},[318,574,575],{"class":336}," password) {\n",[318,577,578],{"class":320,"line":347},[318,579,581],{"class":580},"s8-w5","  \u002F\u002F ...\n",[318,583,584,587,590,593],{"class":320,"line":366},[318,585,586],{"class":324},"  return",[318,588,589],{"class":336}," DriverManager.",[318,591,592],{"class":332},"getConnection",[318,594,595],{"class":336},"(url, username, password);\n",[318,597,598],{"class":320,"line":381},[318,599,421],{"class":336},[39,601,602,603,606,607,610],{},"Untrusted code that lacks the permissions required to create a SQL connection can bypass these restrictions by using the acquired instance directly. The ",[71,604,605],{},"getConnection()"," method is unsafe because it uses the ",[71,608,609],{},"url"," argument to indicate a class to be loaded; this class serves as the database driver.",[289,612,437],{"id":613},"compliant-solution-1",[39,615,616],{},"This compliant solution prevents malicious users from supplying their own URL to the database connection, thereby limiting their ability to load untrusted drivers.",[305,618,619],{"quality":457},[309,620,622],{"className":311,"code":621,"language":313,"meta":314,"style":314},"private String url = \u002F\u002F Hardwired value\n\npublic Connection getConnection(String username, String password) {\n  \u002F\u002F ...\n  return DriverManager.getConnection(this.url, username, password);\n}\n",[71,623,624,640,645,663,667,684],{"__ignoreMap":314},[318,625,626,628,631,634,637],{"class":320,"line":321},[318,627,449],{"class":324},[318,629,630],{"class":340}," String",[318,632,633],{"class":336}," url ",[318,635,636],{"class":324},"=",[318,638,639],{"class":580}," \u002F\u002F Hardwired value\n",[318,641,642],{"class":320,"line":347},[318,643,644],{"emptyLinePlaceholder":7},"\n",[318,646,647,649,651,653,655,657,659,661],{"class":320,"line":366},[318,648,325],{"class":324},[318,650,555],{"class":340},[318,652,558],{"class":332},[318,654,337],{"class":336},[318,656,341],{"class":340},[318,658,570],{"class":336},[318,660,341],{"class":340},[318,662,575],{"class":336},[318,664,665],{"class":320,"line":381},[318,666,581],{"class":580},[318,668,669,671,673,675,677,681],{"class":320,"line":393},[318,670,586],{"class":324},[318,672,589],{"class":336},[318,674,592],{"class":332},[318,676,337],{"class":336},[318,678,680],{"class":679},"sP7S_","this",[318,682,683],{"class":336},".url, username, password);\n",[318,685,686],{"class":320,"line":406},[318,687,421],{"class":336},[289,689,691],{"id":690},"noncompliant-code-example-cert-vulnerability-636312","Noncompliant Code Example (CERT Vulnerability 636312)",[39,693,694,695,701,702,706],{},"CERT Vulnerability Note ",[278,696,700],{"href":697,"rel":698},"http:\u002F\u002Fwww.kb.cert.org\u002Fvuls\u002Fid\u002F636312",[699],"nofollow","VU#636312"," describes a vulnerability in Java 1.7.0 update 6 that was widely exploited in August 2012. The exploit actually used two vulnerabilities; the other one is described in ",[278,703,705],{"href":704},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec05-j","SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields"," .)",[39,708,709,710,713],{},"The exploit runs as a Java applet. The applet class loader ensures that an applet cannot directly invoke methods of classes present in the ",[71,711,712],{},"com.sun.*"," package. A normal security manager check ensures that specific actions are allowed or denied depending on the privileges of all of the caller methods on the call stack (the privileges are associated with the code source that encompasses the class).",[39,715,716,717,720,721,724,725,728],{},"The first goal of the exploit code was to access the private ",[71,718,719],{},"sun.awt.SunToolkit"," class. However, invoking ",[71,722,723],{},"class.forName()"," directly on the name of this class would cause a ",[71,726,727],{},"SecurityException"," to be thrown. Consequently, the exploit code used the following method to access any class, bypassing the security manager:",[305,730,731],{"quality":307},[309,732,734],{"className":311,"code":733,"language":313,"meta":314,"style":314},"private Class GetClass(String paramString)\n    throws Throwable\n{\n    Object arrayOfObject[] = new Object[1];\n    arrayOfObject[0] = paramString;\n    Expression localExpression = new Expression(Class.class, \"forName\", arrayOfObject);\n    localExpression.execute();\n    return (Class)localExpression.getValue();\n}\n",[71,735,736,753,761,766,790,806,830,841,854],{"__ignoreMap":314},[318,737,738,740,743,746,748,750],{"class":320,"line":321},[318,739,449],{"class":324},[318,741,742],{"class":340}," Class",[318,744,745],{"class":332}," GetClass",[318,747,337],{"class":336},[318,749,341],{"class":340},[318,751,752],{"class":336}," paramString)\n",[318,754,755,758],{"class":320,"line":347},[318,756,757],{"class":336},"    throws ",[318,759,760],{"class":340},"Throwable\n",[318,762,763],{"class":320,"line":366},[318,764,765],{"class":336},"{\n",[318,767,768,771,774,776,779,781,784,787],{"class":320,"line":381},[318,769,770],{"class":340},"    Object",[318,772,773],{"class":336}," arrayOfObject[] ",[318,775,636],{"class":324},[318,777,778],{"class":324}," new",[318,780,372],{"class":328},[318,782,783],{"class":336},"[",[318,785,786],{"class":399},"1",[318,788,789],{"class":336},"];\n",[318,791,792,795,798,801,803],{"class":320,"line":393},[318,793,794],{"class":336},"    arrayOfObject[",[318,796,797],{"class":399},"0",[318,799,800],{"class":336},"] ",[318,802,636],{"class":324},[318,804,805],{"class":336}," paramString;\n",[318,807,808,811,814,816,818,821,824,827],{"class":320,"line":406},[318,809,810],{"class":340},"    Expression",[318,812,813],{"class":336}," localExpression ",[318,815,636],{"class":324},[318,817,778],{"class":324},[318,819,820],{"class":332}," Expression",[318,822,823],{"class":336},"(Class.class, ",[318,825,826],{"class":507},"\"forName\"",[318,828,829],{"class":336},", arrayOfObject);\n",[318,831,832,835,838],{"class":320,"line":412},[318,833,834],{"class":336},"    localExpression.",[318,836,837],{"class":332},"execute",[318,839,840],{"class":336},"();\n",[318,842,843,846,849,852],{"class":320,"line":418},[318,844,845],{"class":324},"    return",[318,847,848],{"class":336}," (Class)localExpression.",[318,850,851],{"class":332},"getValue",[318,853,840],{"class":336},[318,855,857],{"class":320,"line":856},9,[318,858,421],{"class":336},[39,860,861,862,865],{},"The ",[71,863,864],{},"java.beans.Expression.execute()"," method delegates its work to the following method:",[305,867,868],{"quality":307},[309,869,871],{"className":311,"code":870,"language":313,"meta":314,"style":314},"private Object invokeInternal() throws Exception {\n  Object target = getTarget();\n  String methodName = getMethodName();\n\n  if (target == null || methodName == null) {\n    throw new NullPointerException(\n      (target == null ? \"target\" : \"methodName\") + \n       \" should not be null\");\n  }\n\n  Object[] arguments = getArguments();\n  if (arguments == null) {\n    arguments = emptyArray;\n  }\n  \u002F\u002F Class.forName() won't load classes outside\n  \u002F\u002F of core from a class inside core, so it\n  \u002F\u002F is handled as a special case.\n  if (target == Class.class && methodName.equals(\"forName\")) {\n    return ClassFinder.resolveClass((String)arguments[0], this.loader);\n  }\n\n\u002F\u002F ...\n",[71,872,873,885,900,915,919,944,957,987,994,999,1004,1019,1033,1044,1049,1055,1061,1067,1095,1119,1124,1129],{"__ignoreMap":314},[318,874,875,877,879,882],{"class":320,"line":321},[318,876,449],{"class":324},[318,878,372],{"class":340},[318,880,881],{"class":332}," invokeInternal",[318,883,884],{"class":336},"() throws Exception {\n",[318,886,887,890,893,895,898],{"class":320,"line":347},[318,888,889],{"class":340},"  Object",[318,891,892],{"class":336}," target ",[318,894,636],{"class":324},[318,896,897],{"class":332}," getTarget",[318,899,840],{"class":336},[318,901,902,905,908,910,913],{"class":320,"line":366},[318,903,904],{"class":340},"  String",[318,906,907],{"class":336}," methodName ",[318,909,636],{"class":324},[318,911,912],{"class":332}," getMethodName",[318,914,840],{"class":336},[318,916,917],{"class":320,"line":381},[318,918,644],{"emptyLinePlaceholder":7},[318,920,921,924,927,930,932,935,937,939,941],{"class":320,"line":393},[318,922,923],{"class":324},"  if",[318,925,926],{"class":336}," (target ",[318,928,929],{"class":324},"==",[318,931,400],{"class":399},[318,933,934],{"class":324}," ||",[318,936,907],{"class":336},[318,938,929],{"class":324},[318,940,400],{"class":399},[318,942,943],{"class":336},") {\n",[318,945,946,949,951,954],{"class":320,"line":406},[318,947,948],{"class":324},"    throw",[318,950,778],{"class":324},[318,952,953],{"class":332}," NullPointerException",[318,955,956],{"class":336},"(\n",[318,958,959,962,964,966,969,972,975,978,981,984],{"class":320,"line":412},[318,960,961],{"class":336},"      (target ",[318,963,929],{"class":324},[318,965,400],{"class":399},[318,967,968],{"class":324}," ?",[318,970,971],{"class":507}," \"target\"",[318,973,974],{"class":324}," :",[318,976,977],{"class":507}," \"methodName\"",[318,979,980],{"class":336},") ",[318,982,983],{"class":324},"+",[318,985,986],{"class":336}," \n",[318,988,989,992],{"class":320,"line":418},[318,990,991],{"class":507},"       \" should not be null\"",[318,993,511],{"class":336},[318,995,996],{"class":320,"line":856},[318,997,998],{"class":336},"  }\n",[318,1000,1002],{"class":320,"line":1001},10,[318,1003,644],{"emptyLinePlaceholder":7},[318,1005,1007,1009,1012,1014,1017],{"class":320,"line":1006},11,[318,1008,889],{"class":328},[318,1010,1011],{"class":336},"[] arguments ",[318,1013,636],{"class":324},[318,1015,1016],{"class":332}," getArguments",[318,1018,840],{"class":336},[318,1020,1022,1024,1027,1029,1031],{"class":320,"line":1021},12,[318,1023,923],{"class":324},[318,1025,1026],{"class":336}," (arguments ",[318,1028,929],{"class":324},[318,1030,400],{"class":399},[318,1032,943],{"class":336},[318,1034,1036,1039,1041],{"class":320,"line":1035},13,[318,1037,1038],{"class":336},"    arguments ",[318,1040,636],{"class":324},[318,1042,1043],{"class":336}," emptyArray;\n",[318,1045,1047],{"class":320,"line":1046},14,[318,1048,998],{"class":336},[318,1050,1052],{"class":320,"line":1051},15,[318,1053,1054],{"class":580},"  \u002F\u002F Class.forName() won't load classes outside\n",[318,1056,1058],{"class":320,"line":1057},16,[318,1059,1060],{"class":580},"  \u002F\u002F of core from a class inside core, so it\n",[318,1062,1064],{"class":320,"line":1063},17,[318,1065,1066],{"class":580},"  \u002F\u002F is handled as a special case.\n",[318,1068,1070,1072,1074,1076,1079,1082,1085,1088,1090,1092],{"class":320,"line":1069},18,[318,1071,923],{"class":324},[318,1073,926],{"class":336},[318,1075,929],{"class":324},[318,1077,1078],{"class":336}," Class.class ",[318,1080,1081],{"class":324},"&&",[318,1083,1084],{"class":336}," methodName.",[318,1086,1087],{"class":332},"equals",[318,1089,337],{"class":336},[318,1091,826],{"class":507},[318,1093,1094],{"class":336},")) {\n",[318,1096,1098,1100,1103,1106,1109,1111,1114,1116],{"class":320,"line":1097},19,[318,1099,845],{"class":324},[318,1101,1102],{"class":336}," ClassFinder.",[318,1104,1105],{"class":332},"resolveClass",[318,1107,1108],{"class":336},"((String)arguments[",[318,1110,797],{"class":399},[318,1112,1113],{"class":336},"], ",[318,1115,680],{"class":679},[318,1117,1118],{"class":336},".loader);\n",[318,1120,1122],{"class":320,"line":1121},20,[318,1123,998],{"class":336},[318,1125,1127],{"class":320,"line":1126},21,[318,1128,644],{"emptyLinePlaceholder":7},[318,1130,1132],{"class":320,"line":1131},22,[318,1133,1134],{"class":580},"\u002F\u002F ...\n",[39,1136,861,1137,1140,1141,1144],{},[71,1138,1139],{},"com.sun.beans.finder.ClassFinder.resolveClass()"," method delegates its work to the ",[71,1142,1143],{},"findClass()"," method:",[305,1146,1147],{"quality":307},[309,1148,1150],{"className":311,"code":1149,"language":313,"meta":314,"style":314},"public static Class\u003C?> findClass(String name) \n   throws ClassNotFoundException {\n  try {\n    ClassLoader loader = Thread.currentThread().getContextClassLoader();\n    if (loader == null) {\n      loader = ClassLoader.getSystemClassLoader();\n    }\n    if (loader != null) {\n      return Class.forName(name, false, loader);\n    }\n  } catch (ClassNotFoundException exception) {\n    \u002F\u002F Use current class loader instead\n  } catch (SecurityException exception) {\n    \u002F\u002F Use current class loader instead\n  }\n  return Class.forName(name);\n}\n",[71,1151,1152,1174,1179,1187,1211,1225,1240,1244,1257,1276,1280,1300,1305,1319,1323,1327,1338],{"__ignoreMap":314},[318,1153,1154,1156,1159,1161,1164,1167,1169,1171],{"class":320,"line":321},[318,1155,325],{"class":324},[318,1157,1158],{"class":324}," static",[318,1160,742],{"class":340},[318,1162,1163],{"class":324},"\u003C?>",[318,1165,1166],{"class":332}," findClass",[318,1168,337],{"class":336},[318,1170,341],{"class":340},[318,1172,1173],{"class":336}," name) \n",[318,1175,1176],{"class":320,"line":347},[318,1177,1178],{"class":336},"   throws ClassNotFoundException {\n",[318,1180,1181,1184],{"class":320,"line":366},[318,1182,1183],{"class":324},"  try",[318,1185,1186],{"class":336}," {\n",[318,1188,1189,1192,1195,1197,1200,1203,1206,1209],{"class":320,"line":381},[318,1190,1191],{"class":340},"    ClassLoader",[318,1193,1194],{"class":336}," loader ",[318,1196,636],{"class":324},[318,1198,1199],{"class":336}," Thread.",[318,1201,1202],{"class":332},"currentThread",[318,1204,1205],{"class":336},"().",[318,1207,1208],{"class":332},"getContextClassLoader",[318,1210,840],{"class":336},[318,1212,1213,1216,1219,1221,1223],{"class":320,"line":393},[318,1214,1215],{"class":324},"    if",[318,1217,1218],{"class":336}," (loader ",[318,1220,929],{"class":324},[318,1222,400],{"class":399},[318,1224,943],{"class":336},[318,1226,1227,1230,1232,1235,1238],{"class":320,"line":406},[318,1228,1229],{"class":336},"      loader ",[318,1231,636],{"class":324},[318,1233,1234],{"class":336}," ClassLoader.",[318,1236,1237],{"class":332},"getSystemClassLoader",[318,1239,840],{"class":336},[318,1241,1242],{"class":320,"line":412},[318,1243,409],{"class":336},[318,1245,1246,1248,1250,1253,1255],{"class":320,"line":418},[318,1247,1215],{"class":324},[318,1249,1218],{"class":336},[318,1251,1252],{"class":324},"!=",[318,1254,400],{"class":399},[318,1256,943],{"class":336},[318,1258,1259,1261,1264,1267,1270,1273],{"class":320,"line":856},[318,1260,396],{"class":324},[318,1262,1263],{"class":336}," Class.",[318,1265,1266],{"class":332},"forName",[318,1268,1269],{"class":336},"(name, ",[318,1271,1272],{"class":399},"false",[318,1274,1275],{"class":336},", loader);\n",[318,1277,1278],{"class":320,"line":1001},[318,1279,409],{"class":336},[318,1281,1282,1285,1288,1291,1294,1298],{"class":320,"line":1006},[318,1283,1284],{"class":336},"  } ",[318,1286,1287],{"class":324},"catch",[318,1289,1290],{"class":336}," (",[318,1292,1293],{"class":340},"ClassNotFoundException",[318,1295,1297],{"class":1296},"sTHNf"," exception",[318,1299,943],{"class":336},[318,1301,1302],{"class":320,"line":1021},[318,1303,1304],{"class":580},"    \u002F\u002F Use current class loader instead\n",[318,1306,1307,1309,1311,1313,1315,1317],{"class":320,"line":1035},[318,1308,1284],{"class":336},[318,1310,1287],{"class":324},[318,1312,1290],{"class":336},[318,1314,727],{"class":340},[318,1316,1297],{"class":1296},[318,1318,943],{"class":336},[318,1320,1321],{"class":320,"line":1046},[318,1322,1304],{"class":580},[318,1324,1325],{"class":320,"line":1051},[318,1326,998],{"class":336},[318,1328,1329,1331,1333,1335],{"class":320,"line":1057},[318,1330,586],{"class":324},[318,1332,1263],{"class":336},[318,1334,1266],{"class":332},[318,1336,1337],{"class":336},"(name);\n",[318,1339,1340],{"class":320,"line":1063},[318,1341,421],{"class":336},[39,1343,1344,1345,1348,1349,1351,1352,1355],{},"Although this method is called in the context of an applet, it uses ",[71,1346,1347],{},"Class.forName()"," to obtain the requested class. ",[71,1350,1347],{}," delegates the search to the calling method's class loader. In this case, the calling class ( ",[71,1353,1354],{},"com.sun.beans.finder.ClassFinder"," ) is part of core Java, so the trusted class loader is used in place of the more restrictive applet class loader, and the trusted class loader loads the class, unaware that it is acting on behalf of malicious code.",[289,1357,1359],{"id":1358},"compliant-solution-cve-2012-4681","Compliant Solution (CVE-2012-4681)",[39,1361,1362,1363,1366,1367,1370,1371,1373],{},"Oracle mitigated this vulnerability in Java 1.7.0 update 7 by patching the ",[71,1364,1365],{},"com.sun.beans.finder.ClassFinder.findClass()"," method. The ",[71,1368,1369],{},"checkPackageAccess()"," method checks the entire call stack to ensure that ",[71,1372,1347],{}," , in this instance only, fetches classes only on behalf of trusted methods.",[305,1375,1376],{"quality":457},[309,1377,1379],{"className":311,"code":1378,"language":313,"meta":314,"style":314},"public static Class\u003C?> findClass(String name) \n   throws ClassNotFoundException {\n  checkPackageAccess(name);\n  try {\n    ClassLoader loader = Thread.currentThread().getContextClassLoader();\n    if (loader == null) {\n      \u002F\u002F Can be null in IE (see 6204697)\n      loader = ClassLoader.getSystemClassLoader();\n    }\n    if (loader != null) {\n      return Class.forName(name, false, loader);\n    }\n\n  } catch (ClassNotFoundException exception) {\n    \u002F\u002F Use current class loader instead\n  } catch (SecurityException exception) {\n    \u002F\u002F Use current class loader instead\n  }\n  return Class.forName(name);\n}\n",[71,1380,1381,1399,1403,1410,1416,1434,1446,1451,1463,1467,1479,1493,1497,1501,1515,1519,1533,1537,1541,1551],{"__ignoreMap":314},[318,1382,1383,1385,1387,1389,1391,1393,1395,1397],{"class":320,"line":321},[318,1384,325],{"class":324},[318,1386,1158],{"class":324},[318,1388,742],{"class":340},[318,1390,1163],{"class":324},[318,1392,1166],{"class":332},[318,1394,337],{"class":336},[318,1396,341],{"class":340},[318,1398,1173],{"class":336},[318,1400,1401],{"class":320,"line":347},[318,1402,1178],{"class":336},[318,1404,1405,1408],{"class":320,"line":366},[318,1406,1407],{"class":332},"  checkPackageAccess",[318,1409,1337],{"class":336},[318,1411,1412,1414],{"class":320,"line":381},[318,1413,1183],{"class":324},[318,1415,1186],{"class":336},[318,1417,1418,1420,1422,1424,1426,1428,1430,1432],{"class":320,"line":393},[318,1419,1191],{"class":340},[318,1421,1194],{"class":336},[318,1423,636],{"class":324},[318,1425,1199],{"class":336},[318,1427,1202],{"class":332},[318,1429,1205],{"class":336},[318,1431,1208],{"class":332},[318,1433,840],{"class":336},[318,1435,1436,1438,1440,1442,1444],{"class":320,"line":406},[318,1437,1215],{"class":324},[318,1439,1218],{"class":336},[318,1441,929],{"class":324},[318,1443,400],{"class":399},[318,1445,943],{"class":336},[318,1447,1448],{"class":320,"line":412},[318,1449,1450],{"class":580},"      \u002F\u002F Can be null in IE (see 6204697)\n",[318,1452,1453,1455,1457,1459,1461],{"class":320,"line":418},[318,1454,1229],{"class":336},[318,1456,636],{"class":324},[318,1458,1234],{"class":336},[318,1460,1237],{"class":332},[318,1462,840],{"class":336},[318,1464,1465],{"class":320,"line":856},[318,1466,409],{"class":336},[318,1468,1469,1471,1473,1475,1477],{"class":320,"line":1001},[318,1470,1215],{"class":324},[318,1472,1218],{"class":336},[318,1474,1252],{"class":324},[318,1476,400],{"class":399},[318,1478,943],{"class":336},[318,1480,1481,1483,1485,1487,1489,1491],{"class":320,"line":1006},[318,1482,396],{"class":324},[318,1484,1263],{"class":336},[318,1486,1266],{"class":332},[318,1488,1269],{"class":336},[318,1490,1272],{"class":399},[318,1492,1275],{"class":336},[318,1494,1495],{"class":320,"line":1021},[318,1496,409],{"class":336},[318,1498,1499],{"class":320,"line":1035},[318,1500,644],{"emptyLinePlaceholder":7},[318,1502,1503,1505,1507,1509,1511,1513],{"class":320,"line":1046},[318,1504,1284],{"class":336},[318,1506,1287],{"class":324},[318,1508,1290],{"class":336},[318,1510,1293],{"class":340},[318,1512,1297],{"class":1296},[318,1514,943],{"class":336},[318,1516,1517],{"class":320,"line":1051},[318,1518,1304],{"class":580},[318,1520,1521,1523,1525,1527,1529,1531],{"class":320,"line":1057},[318,1522,1284],{"class":336},[318,1524,1287],{"class":324},[318,1526,1290],{"class":336},[318,1528,727],{"class":340},[318,1530,1297],{"class":1296},[318,1532,943],{"class":336},[318,1534,1535],{"class":320,"line":1063},[318,1536,1304],{"class":580},[318,1538,1539],{"class":320,"line":1069},[318,1540,998],{"class":336},[318,1542,1543,1545,1547,1549],{"class":320,"line":1097},[318,1544,586],{"class":324},[318,1546,1263],{"class":336},[318,1548,1266],{"class":332},[318,1550,1337],{"class":336},[318,1552,1553],{"class":320,"line":1121},[318,1554,421],{"class":336},[289,1556,1558],{"id":1557},"noncompliant-code-example-cve-2013-0422","Noncompliant Code Example (CVE-2013-0422)",[39,1560,1561,1562,1565,1566,1569,1570,1573,1574,1577],{},"Java 1.7.0 update 10 was widely exploited in January 2013 because of several vulnerabilities. One vulnerability in the ",[71,1563,1564],{},"MBeanInstantiator"," class granted unprivileged code the ability to access any class regardless of the current security policy or accessibility rules. The ",[71,1567,1568],{},"MBeanInstantiator.findClass()"," method could be invoked with any string and would attempt to return the ",[71,1571,1572],{},"Class"," object named after the string. This method delegated its work to the ",[71,1575,1576],{},"loadClass()"," method, whose source code is shown here:",[305,1579,1580],{"quality":307},[309,1581,1583],{"className":311,"code":1582,"language":313,"meta":314,"style":314},"\u002F**\n * Load a class with the specified loader, or with this object\n * class loader if the specified loader is null.\n **\u002F\nstatic Class\u003C?> loadClass(String className, ClassLoader loader)\n    throws ReflectionException {\n\n    Class\u003C?> theClass;\n    if (className == null) {\n        throw new RuntimeOperationsException(new\n            IllegalArgumentException(\"The class name cannot be null\"),\n                          \"Exception occurred during object instantiation\");\n    }\n    try {\n        if (loader == null)\n            loader = MBeanInstantiator.class.getClassLoader();\n        if (loader != null) {\n            theClass = Class.forName(className, false, loader);\n        } else {\n            theClass = Class.forName(className);\n        }\n    } catch (ClassNotFoundException e) {\n        throw new ReflectionException(e,\n        \"The MBean class could not be loaded\");\n    }\n    return theClass;\n}\n",[71,1584,1585,1590,1595,1600,1605,1630,1635,1639,1653,1666,1681,1694,1701,1705,1712,1726,1741,1753,1771,1781,1794,1799,1815,1828,1836,1841,1849],{"__ignoreMap":314},[318,1586,1587],{"class":320,"line":321},[318,1588,1589],{"class":580},"\u002F**\n",[318,1591,1592],{"class":320,"line":347},[318,1593,1594],{"class":580}," * Load a class with the specified loader, or with this object\n",[318,1596,1597],{"class":320,"line":366},[318,1598,1599],{"class":580}," * class loader if the specified loader is null.\n",[318,1601,1602],{"class":320,"line":381},[318,1603,1604],{"class":580}," **\u002F\n",[318,1606,1607,1610,1612,1614,1617,1619,1621,1624,1627],{"class":320,"line":393},[318,1608,1609],{"class":324},"static",[318,1611,742],{"class":340},[318,1613,1163],{"class":324},[318,1615,1616],{"class":332}," loadClass",[318,1618,337],{"class":336},[318,1620,341],{"class":340},[318,1622,1623],{"class":336}," className, ",[318,1625,1626],{"class":340},"ClassLoader",[318,1628,1629],{"class":336}," loader)\n",[318,1631,1632],{"class":320,"line":406},[318,1633,1634],{"class":336},"    throws ReflectionException {\n",[318,1636,1637],{"class":320,"line":412},[318,1638,644],{"emptyLinePlaceholder":7},[318,1640,1641,1644,1647,1650],{"class":320,"line":418},[318,1642,1643],{"class":340},"    Class",[318,1645,1646],{"class":336},"\u003C",[318,1648,1649],{"class":328},"?",[318,1651,1652],{"class":336},"> theClass;\n",[318,1654,1655,1657,1660,1662,1664],{"class":320,"line":856},[318,1656,1215],{"class":324},[318,1658,1659],{"class":336}," (className ",[318,1661,929],{"class":324},[318,1663,400],{"class":399},[318,1665,943],{"class":336},[318,1667,1668,1671,1673,1676,1678],{"class":320,"line":1001},[318,1669,1670],{"class":324},"        throw",[318,1672,778],{"class":324},[318,1674,1675],{"class":332}," RuntimeOperationsException",[318,1677,337],{"class":336},[318,1679,1680],{"class":324},"new\n",[318,1682,1683,1686,1688,1691],{"class":320,"line":1006},[318,1684,1685],{"class":332},"            IllegalArgumentException",[318,1687,337],{"class":336},[318,1689,1690],{"class":507},"\"The class name cannot be null\"",[318,1692,1693],{"class":336},"),\n",[318,1695,1696,1699],{"class":320,"line":1021},[318,1697,1698],{"class":507},"                          \"Exception occurred during object instantiation\"",[318,1700,511],{"class":336},[318,1702,1703],{"class":320,"line":1035},[318,1704,409],{"class":336},[318,1706,1707,1710],{"class":320,"line":1046},[318,1708,1709],{"class":324},"    try",[318,1711,1186],{"class":336},[318,1713,1714,1717,1719,1721,1723],{"class":320,"line":1051},[318,1715,1716],{"class":324},"        if",[318,1718,1218],{"class":336},[318,1720,929],{"class":324},[318,1722,400],{"class":399},[318,1724,1725],{"class":336},")\n",[318,1727,1728,1731,1733,1736,1739],{"class":320,"line":1057},[318,1729,1730],{"class":336},"            loader ",[318,1732,636],{"class":324},[318,1734,1735],{"class":336}," MBeanInstantiator.class.",[318,1737,1738],{"class":332},"getClassLoader",[318,1740,840],{"class":336},[318,1742,1743,1745,1747,1749,1751],{"class":320,"line":1063},[318,1744,1716],{"class":324},[318,1746,1218],{"class":336},[318,1748,1252],{"class":324},[318,1750,400],{"class":399},[318,1752,943],{"class":336},[318,1754,1755,1758,1760,1762,1764,1767,1769],{"class":320,"line":1069},[318,1756,1757],{"class":336},"            theClass ",[318,1759,636],{"class":324},[318,1761,1263],{"class":336},[318,1763,1266],{"class":332},[318,1765,1766],{"class":336},"(className, ",[318,1768,1272],{"class":399},[318,1770,1275],{"class":336},[318,1772,1773,1776,1779],{"class":320,"line":1097},[318,1774,1775],{"class":336},"        } ",[318,1777,1778],{"class":324},"else",[318,1780,1186],{"class":336},[318,1782,1783,1785,1787,1789,1791],{"class":320,"line":1121},[318,1784,1757],{"class":336},[318,1786,636],{"class":324},[318,1788,1263],{"class":336},[318,1790,1266],{"class":332},[318,1792,1793],{"class":336},"(className);\n",[318,1795,1796],{"class":320,"line":1126},[318,1797,1798],{"class":336},"        }\n",[318,1800,1801,1804,1806,1808,1810,1813],{"class":320,"line":1131},[318,1802,1803],{"class":336},"    } ",[318,1805,1287],{"class":324},[318,1807,1290],{"class":336},[318,1809,1293],{"class":340},[318,1811,1812],{"class":1296}," e",[318,1814,943],{"class":336},[318,1816,1818,1820,1822,1825],{"class":320,"line":1817},23,[318,1819,1670],{"class":324},[318,1821,778],{"class":324},[318,1823,1824],{"class":332}," ReflectionException",[318,1826,1827],{"class":336},"(e,\n",[318,1829,1831,1834],{"class":320,"line":1830},24,[318,1832,1833],{"class":507},"        \"The MBean class could not be loaded\"",[318,1835,511],{"class":336},[318,1837,1839],{"class":320,"line":1838},25,[318,1840,409],{"class":336},[318,1842,1844,1846],{"class":320,"line":1843},26,[318,1845,845],{"class":324},[318,1847,1848],{"class":336}," theClass;\n",[318,1850,1852],{"class":320,"line":1851},27,[318,1853,421],{"class":336},[39,1855,1856,1857,1859,1860,1863],{},"This method delegates the task of dynamically loading the specified class to the ",[71,1858,1347],{}," method, which delegates the work to its calling method's class loader. Because the calling method is ",[71,1861,1862],{},"MBeanInstantiator.loadClass()"," , the core class loader is used, which provides no security checks.",[289,1865,1867],{"id":1866},"compliant-solution-cve-2013-0422","Compliant Solution (CVE-2013-0422)",[39,1869,1870,1871,1873],{},"Oracle mitigated this vulnerability in Java 1.7.0 update 11 by adding an access check to the ",[71,1872,1862],{}," method. This access check ensures that the caller is permitted to access the class being sought:",[305,1875,1876],{"quality":457},[309,1877,1879],{"className":311,"code":1878,"language":313,"meta":314,"style":314},"\u002F\u002F ...\n    if (className == null) {\n        throw new RuntimeOperationsException(new\n            IllegalArgumentException(\"The class name cannot be null\"),\n                          \"Exception occurred during object instantiation\");\n    }\n    ReflectUtil.checkPackageAccess(className);\n    try {\n        if (loader == null)\n\u002F\u002F ...\n",[71,1880,1881,1885,1897,1909,1919,1925,1929,1939,1945,1957],{"__ignoreMap":314},[318,1882,1883],{"class":320,"line":321},[318,1884,1134],{"class":580},[318,1886,1887,1889,1891,1893,1895],{"class":320,"line":347},[318,1888,1215],{"class":324},[318,1890,1659],{"class":336},[318,1892,929],{"class":324},[318,1894,400],{"class":399},[318,1896,943],{"class":336},[318,1898,1899,1901,1903,1905,1907],{"class":320,"line":366},[318,1900,1670],{"class":324},[318,1902,778],{"class":324},[318,1904,1675],{"class":332},[318,1906,337],{"class":336},[318,1908,1680],{"class":324},[318,1910,1911,1913,1915,1917],{"class":320,"line":381},[318,1912,1685],{"class":332},[318,1914,337],{"class":336},[318,1916,1690],{"class":507},[318,1918,1693],{"class":336},[318,1920,1921,1923],{"class":320,"line":393},[318,1922,1698],{"class":507},[318,1924,511],{"class":336},[318,1926,1927],{"class":320,"line":406},[318,1928,409],{"class":336},[318,1930,1931,1934,1937],{"class":320,"line":412},[318,1932,1933],{"class":336},"    ReflectUtil.",[318,1935,1936],{"class":332},"checkPackageAccess",[318,1938,1793],{"class":336},[318,1940,1941,1943],{"class":320,"line":418},[318,1942,1709],{"class":324},[318,1944,1186],{"class":336},[318,1946,1947,1949,1951,1953,1955],{"class":320,"line":856},[318,1948,1716],{"class":324},[318,1950,1218],{"class":336},[318,1952,929],{"class":324},[318,1954,400],{"class":399},[318,1956,1725],{"class":336},[318,1958,1959],{"class":320,"line":1001},[318,1960,1134],{"class":580},[289,1962,1964],{"id":1963},"applicability","Applicability",[39,1966,1967],{},"Allowing untrusted code to invoke methods with reduced-security checks can result in privilege escalation. Likewise, allowing untrusted code to perform actions using the immediate caller's class loader may allow the untrusted code to execute with the same privileges as the immediate caller.",[39,1969,1970,1971,1974],{},"Methods that avoid using the immediate caller's class loader instance fall outside the scope of this guideline. For example, the three-argument ",[71,1972,1973],{},"java.lang.Class.forName()"," method requires an explicit argument that specifies the class loader instance to use.",[309,1976,1978],{"className":311,"code":1977,"language":313,"meta":314,"style":314},"public static Class forName(String name, boolean initialize,\n       ClassLoader loader) throws ClassNotFoundException\n",[71,1979,1980,2004],{"__ignoreMap":314},[318,1981,1982,1984,1986,1988,1991,1993,1995,1998,2001],{"class":320,"line":321},[318,1983,325],{"class":324},[318,1985,1158],{"class":324},[318,1987,742],{"class":340},[318,1989,1990],{"class":332}," forName",[318,1992,337],{"class":336},[318,1994,341],{"class":340},[318,1996,1997],{"class":336}," name, ",[318,1999,2000],{"class":328},"boolean",[318,2002,2003],{"class":336}," initialize,\n",[318,2005,2006,2009,2012],{"class":320,"line":347},[318,2007,2008],{"class":340},"       ClassLoader",[318,2010,2011],{"class":336}," loader) throws ",[318,2013,2014],{"class":340},"ClassNotFoundException\n",[39,2016,2017],{},"Do not use the immediate caller's class loader as the third argument when instances must be returned to untrusted code.",[289,2019,2021],{"id":2020},"bibliography","Bibliography",[46,2023,2024,2033],{},[2025,2026,2027,2031],"colgroup",{},[2028,2029],"col",{"style":2030},"width: 50%",[2028,2032],{"style":2030},[58,2034,2035,2056,2071,2086,2110,2125],{},[52,2036,2039,2047],{"className":2037},[2038],"odd",[63,2040,2041,2042,2046],{},"[ ",[278,2043,2045],{"href":2044},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frec-aa-references#Rec.AA.References-API11","API 2013"," ]",[63,2048,2049],{},[278,2050,2052,2053],{"href":2051},"http:\u002F\u002Fdocs.oracle.com\u002Fjavase\u002F7\u002Fdocs\u002Fapi\u002Fjava\u002Flang\u002FClassLoader.html","Class ",[71,2054,2055],{},"       ClassLoader      ",[52,2057,2060,2066],{"className":2058},[2059],"even",[63,2061,2041,2062,2046],{},[278,2063,2065],{"href":2064},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frec-aa-references#Rec.AA.References-Chan99","Chan 1999",[63,2067,2068],{},[71,2069,2070],{},"      java.lang.reflect AccessibleObject     ",[52,2072,2074,2080],{"className":2073},[2038],[63,2075,2041,2076,2046],{},[278,2077,2079],{"href":2078},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frec-aa-references#Rec.AA.References-Guillardoy12","Guillardoy 2012",[63,2081,2082],{},[278,2083,2085],{"href":2084},"http:\u002F\u002Fimmunityproducts.blogspot.com.ar\u002F2012\u002F08\u002Fjava-0day-analysis-cve-2012-4681.html","Java 0-day Analysis (CVE-2012-4681)",[52,2087,2089,2095],{"className":2088},[2059],[63,2090,2041,2091,2046],{},[278,2092,2094],{"href":2093},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frec-aa-references#Rec.AA.References-Long","Long 2012",[63,2096,2097],{},[39,2098,2099,2101,2104,2106,2108],{},[278,2100,286],{"href":285},[2102,2103],"br",{},[278,2105,281],{"href":280},[2102,2107],{},[278,2109,705],{"href":704},[52,2111,2113,2119],{"className":2112},[2038],[63,2114,2041,2115,2046],{},[278,2116,2118],{"href":2117},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frec-aa-references#Rec.AA.References-Manion13","Manion 2013",[63,2120,2121],{},[278,2122,2124],{"href":2123},"https:\u002F\u002Fwww.cert.org\u002Fblogs\u002Fcertcc\u002F2013\u002F01\u002Fanatomy_of_java_exploits.html","Anatomy of Java Exploits",[52,2126,2128,2134],{"className":2127},[2059],[63,2129,2041,2130,2046],{},[278,2131,2133],{"href":2132},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frec-aa-references#Rec.AA.References-Oracle13","Oracle 2013",[63,2135,2136],{},[278,2137,2139],{"href":2138},"http:\u002F\u002Fwww.oracle.com\u002Ftechnetwork\u002Ftopics\u002Fsecurity\u002Falert-cve-2013-0422-1896849.html","Oracle Security Alert for CVE-2013-0422",[2141,2142],"hr",{},[39,2144,2145,2152,2153,2152,2159],{},[278,2146,2148],{"href":2147},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec51-j",[2149,2150],"img",{"src":2151},"\u002Fattachments\u002F88487545\u002F88873873.png"," ",[278,2154,2156],{"href":2155},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002F",[2149,2157],{"src":2158},"\u002Fattachments\u002F88487545\u002F88873874.png",[278,2160,2162],{"href":2161},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec53-j",[2149,2163],{"src":2164},"\u002Fattachments\u002F88487545\u002F88873875.png",[2166,2167,2168],"style",{},"html pre.shiki code .sC2Qs, html code.shiki .sC2Qs{--shiki-default:#D73A49;--shiki-dark:#F97583;--shiki-sepia:#F92672}html pre.shiki code .sq6CD, html code.shiki .sq6CD{--shiki-default:#D73A49;--shiki-default-font-style:inherit;--shiki-dark:#F97583;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .srTi1, html code.shiki .srTi1{--shiki-default:#6F42C1;--shiki-dark:#B392F0;--shiki-sepia:#A6E22E}html pre.shiki code .sMOD_, html code.shiki .sMOD_{--shiki-default:#24292E;--shiki-dark:#E1E4E8;--shiki-sepia:#F8F8F2}html pre.shiki code .sk8M1, html code.shiki .sk8M1{--shiki-default:#24292E;--shiki-default-font-style:inherit;--shiki-dark:#E1E4E8;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .s7F3e, html code.shiki .s7F3e{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#AE81FF}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html .sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html.sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html pre.shiki code .sstjo, html code.shiki .sstjo{--shiki-default:#032F62;--shiki-dark:#9ECBFF;--shiki-sepia:#E6DB74}html pre.shiki code .s8-w5, html code.shiki .s8-w5{--shiki-default:#6A737D;--shiki-dark:#6A737D;--shiki-sepia:#88846F}html pre.shiki code .sP7S_, html code.shiki .sP7S_{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#FD971F}html pre.shiki code .sTHNf, html code.shiki .sTHNf{--shiki-default:#E36209;--shiki-default-font-style:inherit;--shiki-dark:#FFAB70;--shiki-dark-font-style:inherit;--shiki-sepia:#FD971F;--shiki-sepia-font-style:italic}",{"title":314,"searchDepth":347,"depth":347,"links":2170},[2171,2172,2173,2174,2175,2176,2177,2178,2179,2180],{"id":291,"depth":347,"text":292},{"id":436,"depth":347,"text":437},{"id":534,"depth":347,"text":292},{"id":613,"depth":347,"text":437},{"id":690,"depth":347,"text":691},{"id":1358,"depth":347,"text":1359},{"id":1557,"depth":347,"text":1558},{"id":1866,"depth":347,"text":1867},{"id":1963,"depth":347,"text":1964},{"id":2020,"depth":347,"text":2021},"md",{"tags":2183},[2184,2185,2186,2187,2188,2189,2190,2191,2192,2193,2194],"review-dms","review-dfs","1security","review-dm","recommendation","reviewed-fwl","android-inapplicable","security","sec","analyzable","cwe-732","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec52-j",{"title":30,"description":41},"6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F04.sec52-j","slVFJBWXnA3btcchWZTcH8Sc4WX-T9f0djJRVIN-eao",[2200,2203],{"title":2201,"path":2147,"stem":2202,"children":-1},"SEC51-J. Minimize privileged code","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F03.sec51-j",{"title":2204,"path":2161,"stem":2205,"children":-1},"SEC53-J. Define custom security permissions for fine-grained security","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F05.sec53-j",[2207],{"title":2208,"path":2209,"stem":2210,"children":2211},"SEI CERT Oracle Coding Standard for Java","\u002Fsei-cert-oracle-coding-standard-for-java","6.sei-cert-oracle-coding-standard-for-java\u002F1.index",[2212,2213,2353,3185,3575,3753],{"title":2208,"path":2209,"stem":2210},{"title":2214,"path":2215,"stem":2216,"children":2217},"Front Matter","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F1.index",[2218,2219,2223,2227,2231,2277,2315],{"title":2214,"path":2215,"stem":2216},{"title":2220,"path":2221,"stem":2222},"Rules versus Recommendations (Java)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frules-versus-recommendations-java","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F2.rules-versus-recommendations-java",{"title":2224,"path":2225,"stem":2226},"Acknowledgments","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Facknowledgments","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F3.acknowledgments",{"title":2228,"path":2229,"stem":2230},"Deprecations","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Fdeprecations","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.deprecations",{"title":2232,"path":2233,"stem":2234,"children":2235},"Rec. Preface","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F01.index",[2236,2237,2241,2245,2249,2253,2257,2261,2265,2269,2273],{"title":2232,"path":2233,"stem":2234},{"title":2238,"path":2239,"stem":2240},"Scope","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fscope","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F02.scope",{"title":2242,"path":2243,"stem":2244},"Audience","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Faudience","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F03.audience",{"title":2246,"path":2247,"stem":2248},"Contents and Organization","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fcontents-and-organization","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F05.contents-and-organization",{"title":2250,"path":2251,"stem":2252},"Guidelines","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fguidelines","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F06.guidelines",{"title":2254,"path":2255,"stem":2256},"Usage","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fusage","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F07.usage",{"title":2258,"path":2259,"stem":2260},"System Qualities","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fsystem-qualities","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F08.system-qualities",{"title":2262,"path":2263,"stem":2264},"Priority and Levels","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fpriority-and-levels","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F09.priority-and-levels",{"title":2266,"path":2267,"stem":2268},"Automatically Generated Code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fautomatically-generated-code","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F10.automatically-generated-code",{"title":2270,"path":2271,"stem":2272},"Source Code Validation","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fsource-code-validation","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F11.source-code-validation",{"title":2274,"path":2275,"stem":2276},"Tool Selection and Validation","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Ftool-selection-and-validation","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F12.tool-selection-and-validation",{"title":2278,"path":2279,"stem":2280,"children":2281},"Rule. Introduction","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F01.index",[2282,2283,2287,2291,2295,2299,2303,2307,2311],{"title":2278,"path":2279,"stem":2280},{"title":2284,"path":2285,"stem":2286},"Input Validation and Data Sanitization","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Finput-validation-and-data-sanitization","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F02.input-validation-and-data-sanitization",{"title":2288,"path":2289,"stem":2290},"Leaking Sensitive Data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Fleaking-sensitive-data","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F03.leaking-sensitive-data",{"title":2292,"path":2293,"stem":2294},"Type Safety","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Ftype-safety","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F04.type-safety",{"title":2296,"path":2297,"stem":2298},"Leaking Capabilities","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Fleaking-capabilities","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F05.leaking-capabilities",{"title":2300,"path":2301,"stem":2302},"Denial of Service","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Fdenial-of-service","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F06.denial-of-service",{"title":2304,"path":2305,"stem":2306},"Libraries","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Flibraries","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F07.libraries",{"title":2308,"path":2309,"stem":2310},"Concurrency, Visibility, and Memory","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Fconcurrency-visibility-and-memory","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F08.concurrency-visibility-and-memory",{"title":2312,"path":2313,"stem":2314},"Privilege Escalation","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Fprivilege-escalation","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F09.privilege-escalation",{"title":2316,"path":2317,"stem":2318,"children":2319},"Rule. Preface","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F01.index",[2320,2321,2324,2327,2330,2334,2337,2340,2343,2346,2350],{"title":2316,"path":2317,"stem":2318},{"title":2238,"path":2322,"stem":2323},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fscope","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F02.scope",{"title":2242,"path":2325,"stem":2326},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Faudience","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F03.audience",{"title":2246,"path":2328,"stem":2329},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fcontents-and-organization","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F04.contents-and-organization",{"title":2331,"path":2332,"stem":2333},"Identifiers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fidentifiers","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F05.identifiers",{"title":2254,"path":2335,"stem":2336},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fusage","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F06.usage",{"title":2258,"path":2338,"stem":2339},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fsystem-qualities","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F07.system-qualities",{"title":2262,"path":2341,"stem":2342},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fpriority-and-levels","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F08.priority-and-levels",{"title":2266,"path":2344,"stem":2345},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fautomatically-generated-code","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F09.automatically-generated-code",{"title":2347,"path":2348,"stem":2349},"Conformance Testing","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fconformance-testing","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F10.conformance-testing",{"title":2274,"path":2351,"stem":2352},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Ftool-selection-and-validation","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F11.tool-selection-and-validation",{"title":2354,"path":2355,"stem":2356,"children":2357},"Rules","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F01.index",[2358,2359,2363,2389,2407,2453,2491,2565,2619,2645,2699,2761,2815,2873,2935,2979,3019,3077,3107,3133,3155],{"title":2354,"path":2355,"stem":2356},{"title":2360,"path":2361,"stem":2362},"Android (DRD)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fandroid-drd","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F02.android-drd",{"title":2364,"path":2365,"stem":2366,"children":2367},"Characters and Strings (STR)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fcharacters-and-strings-str","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F03.characters-and-strings-str\u002F1.index",[2368,2369,2373,2377,2381,2385],{"title":2364,"path":2365,"stem":2366},{"title":2370,"path":2371,"stem":2372},"STR00-J. Don't form strings containing partial characters from variable-width encodings","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fcharacters-and-strings-str\u002Fstr00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F03.characters-and-strings-str\u002F2.str00-j",{"title":2374,"path":2375,"stem":2376},"STR01-J. Do not assume that a Java char fully represents a Unicode code point","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fcharacters-and-strings-str\u002Fstr01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F03.characters-and-strings-str\u002F3.str01-j",{"title":2378,"path":2379,"stem":2380},"STR02-J. Specify an appropriate locale when comparing locale-dependent data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fcharacters-and-strings-str\u002Fstr02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F03.characters-and-strings-str\u002F4.str02-j",{"title":2382,"path":2383,"stem":2384},"STR03-J. Do not encode noncharacter data as a string","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fcharacters-and-strings-str\u002Fstr03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F03.characters-and-strings-str\u002F5.str03-j",{"title":2386,"path":2387,"stem":2388},"STR04-J. Use compatible character encodings when communicating string data between JVMs","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fcharacters-and-strings-str\u002Fstr04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F03.characters-and-strings-str\u002F6.str04-j",{"title":2390,"path":2391,"stem":2392,"children":2393},"Declarations and Initialization (DCL)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fdeclarations-and-initialization-dcl","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F04.declarations-and-initialization-dcl\u002F1.index",[2394,2395,2399,2403],{"title":2390,"path":2391,"stem":2392},{"title":2396,"path":2397,"stem":2398},"DCL00-J. Prevent class initialization cycles","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F04.declarations-and-initialization-dcl\u002F2.dcl00-j",{"title":2400,"path":2401,"stem":2402},"DCL01-J. Do not reuse public identifiers from the Java Standard Library","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F04.declarations-and-initialization-dcl\u002F3.dcl01-j",{"title":2404,"path":2405,"stem":2406},"DCL02-J. Do not modify the collection's elements during an enhanced for statement","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F04.declarations-and-initialization-dcl\u002F4.dcl02-j",{"title":2408,"path":2409,"stem":2410,"children":2411},"Exceptional Behavior (ERR)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F01.index",[2412,2413,2417,2421,2425,2429,2433,2437,2441,2445,2449],{"title":2408,"path":2409,"stem":2410},{"title":2414,"path":2415,"stem":2416},"ERR00-J. Do not suppress or ignore checked exceptions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F02.err00-j",{"title":2418,"path":2419,"stem":2420},"ERR01-J. Do not allow exceptions to expose sensitive information","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F03.err01-j",{"title":2422,"path":2423,"stem":2424},"ERR02-J. Prevent exceptions while logging data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F04.err02-j",{"title":2426,"path":2427,"stem":2428},"ERR03-J. Restore prior object state on method failure","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F05.err03-j",{"title":2430,"path":2431,"stem":2432},"ERR04-J. Do not complete abruptly from a finally block","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F06.err04-j",{"title":2434,"path":2435,"stem":2436},"ERR05-J. Do not let checked exceptions escape from a finally block","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F07.err05-j",{"title":2438,"path":2439,"stem":2440},"ERR06-J. Do not throw undeclared checked exceptions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F08.err06-j",{"title":2442,"path":2443,"stem":2444},"ERR07-J. Do not throw RuntimeException, Exception, or Throwable","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F09.err07-j",{"title":2446,"path":2447,"stem":2448},"ERR08-J. Do not catch NullPointerException or any of its ancestors","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F10.err08-j",{"title":2450,"path":2451,"stem":2452},"ERR09-J. Do not allow untrusted code to terminate the JVM","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F11.err09-j",{"title":2454,"path":2455,"stem":2456,"children":2457},"Expressions (EXP)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F1.index",[2458,2459,2463,2467,2471,2475,2479,2483,2487],{"title":2454,"path":2455,"stem":2456},{"title":2460,"path":2461,"stem":2462},"EXP00-J. Do not ignore values returned by methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F2.exp00-j",{"title":2464,"path":2465,"stem":2466},"EXP01-J. Do not use a null in a case where an object is required","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F3.exp01-j",{"title":2468,"path":2469,"stem":2470},"EXP02-J. Do not use the Object.equals() method to compare two arrays","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F4.exp02-j",{"title":2472,"path":2473,"stem":2474},"EXP03-J. Do not use the equality operators when comparing values of boxed primitives","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F5.exp03-j",{"title":2476,"path":2477,"stem":2478},"EXP04-J. Do not pass arguments to certain Java Collections Framework methods that are a different type than the collection parameter type","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F6.exp04-j",{"title":2480,"path":2481,"stem":2482},"EXP05-J. Do not follow a write by a subsequent write or read of the same object within an expression","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F7.exp05-j",{"title":2484,"path":2485,"stem":2486},"EXP06-J. Expressions used in assertions must not produce side effects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F8.exp06-j",{"title":2488,"path":2489,"stem":2490},"EXP07-J. Prevent loss of useful data due to weak references","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F9.exp07-j",{"title":2492,"path":2493,"stem":2494,"children":2495},"Input Output (FIO)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F01.index",[2496,2497,2501,2505,2509,2513,2517,2521,2525,2529,2533,2537,2541,2545,2549,2553,2557,2561],{"title":2492,"path":2493,"stem":2494},{"title":2498,"path":2499,"stem":2500},"FIO00-J. Do not operate on files in shared directories","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F02.fio00-j",{"title":2502,"path":2503,"stem":2504},"FIO01-J. Create files with appropriate access permissions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F03.fio01-j",{"title":2506,"path":2507,"stem":2508},"FIO02-J. Detect and handle file-related errors","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F04.fio02-j",{"title":2510,"path":2511,"stem":2512},"FIO03-J. Remove temporary files before termination","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F05.fio03-j",{"title":2514,"path":2515,"stem":2516},"FIO04-J. Release resources when they are no longer needed","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F06.fio04-j",{"title":2518,"path":2519,"stem":2520},"FIO05-J. Do not expose buffers or their backing arrays methods to untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F07.fio05-j",{"title":2522,"path":2523,"stem":2524},"FIO06-J. Do not create multiple buffered wrappers on a single byte or character stream","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F08.fio06-j",{"title":2526,"path":2527,"stem":2528},"FIO07-J. Do not let external processes block on IO buffers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F09.fio07-j",{"title":2530,"path":2531,"stem":2532},"FIO08-J. Distinguish between characters or bytes read from a stream and -1","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F10.fio08-j",{"title":2534,"path":2535,"stem":2536},"FIO09-J. Do not rely on the write() method to output integers outside the range 0 to 255","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F11.fio09-j",{"title":2538,"path":2539,"stem":2540},"FIO10-J. Ensure the array is filled when using read() to fill an array","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F12.fio10-j",{"title":2542,"path":2543,"stem":2544},"FIO11-J. Do not convert between strings and bytes without specifying a valid character encoding","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F13.fio11-j",{"title":2546,"path":2547,"stem":2548},"FIO12-J. Provide methods to read and write little-endian data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio12-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F14.fio12-j",{"title":2550,"path":2551,"stem":2552},"FIO13-J. Do not log sensitive information outside a trust boundary","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio13-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F15.fio13-j",{"title":2554,"path":2555,"stem":2556},"FIO14-J. Perform proper cleanup at program termination","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio14-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F16.fio14-j",{"title":2558,"path":2559,"stem":2560},"FIO15-J. Do not reset a servlet's output stream after committing it","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio15-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F17.fio15-j",{"title":2562,"path":2563,"stem":2564},"FIO16-J. Canonicalize path names before validating them","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio16-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F18.fio16-j",{"title":2566,"path":2567,"stem":2568,"children":2569},"Input Validation and Data Sanitization (IDS)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F01.index",[2570,2571,2575,2579,2583,2587,2591,2595,2599,2603,2607,2611,2615],{"title":2566,"path":2567,"stem":2568},{"title":2572,"path":2573,"stem":2574},"IDS00-J. Prevent SQL injection","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F02.ids00-j",{"title":2576,"path":2577,"stem":2578},"IDS01-J. Normalize strings before validating them","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F03.ids01-j",{"title":2580,"path":2581,"stem":2582},"IDS03-J. Do not log unsanitized user input","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F04.ids03-j",{"title":2584,"path":2585,"stem":2586},"IDS04-J. Safely extract files from ZipInputStream","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F05.ids04-j",{"title":2588,"path":2589,"stem":2590},"IDS06-J. Exclude unsanitized user input from format strings","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F06.ids06-j",{"title":2592,"path":2593,"stem":2594},"IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F07.ids07-j",{"title":2596,"path":2597,"stem":2598},"IDS08-J. Sanitize untrusted data included in a regular expression","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F08.ids08-j",{"title":2600,"path":2601,"stem":2602},"IDS11-J. Perform any string modifications before validation","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F09.ids11-j",{"title":2604,"path":2605,"stem":2606},"IDS14-J. Do not trust the contents of hidden form fields","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids14-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F10.ids14-j",{"title":2608,"path":2609,"stem":2610},"IDS15-J. Do not allow sensitive information to leak outside a trust boundary","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids15-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F11.ids15-j",{"title":2612,"path":2613,"stem":2614},"IDS16-J. Prevent XML Injection","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids16-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F12.ids16-j",{"title":2616,"path":2617,"stem":2618},"IDS17-J. Prevent XML External Entity Attacks","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids17-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F13.ids17-j",{"title":2620,"path":2621,"stem":2622,"children":2623},"Java Native Interface (JNI)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fjava-native-interface-jni","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F09.java-native-interface-jni\u002F1.index",[2624,2625,2629,2633,2637,2641],{"title":2620,"path":2621,"stem":2622},{"title":2626,"path":2627,"stem":2628},"JNI00-J. Define wrappers around native methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fjava-native-interface-jni\u002Fjni00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F09.java-native-interface-jni\u002F2.jni00-j",{"title":2630,"path":2631,"stem":2632},"JNI01-J. Safely invoke standard APIs that perform tasks using the immediate caller's class loader instance (loadLibrary)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fjava-native-interface-jni\u002Fjni01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F09.java-native-interface-jni\u002F3.jni01-j",{"title":2634,"path":2635,"stem":2636},"JNI02-J. Do not assume object references are constant or unique","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fjava-native-interface-jni\u002Fjni02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F09.java-native-interface-jni\u002F4.jni02-j",{"title":2638,"path":2639,"stem":2640},"JNI03-J. Do not use direct pointers to Java objects in JNI code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fjava-native-interface-jni\u002Fjni03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F09.java-native-interface-jni\u002F5.jni03-j",{"title":2642,"path":2643,"stem":2644},"JNI04-J. Do not assume that Java strings are null-terminated","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fjava-native-interface-jni\u002Fjni04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F09.java-native-interface-jni\u002F6.jni04-j",{"title":2646,"path":2647,"stem":2648,"children":2649},"Locking (LCK)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F01.index",[2650,2651,2655,2659,2663,2667,2671,2675,2679,2683,2687,2691,2695],{"title":2646,"path":2647,"stem":2648},{"title":2652,"path":2653,"stem":2654},"LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F02.lck00-j",{"title":2656,"path":2657,"stem":2658},"LCK01-J. Do not synchronize on objects that may be reused","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F03.lck01-j",{"title":2660,"path":2661,"stem":2662},"LCK02-J. Do not synchronize on the class object returned by getClass()","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F04.lck02-j",{"title":2664,"path":2665,"stem":2666},"LCK03-J. Do not synchronize on the intrinsic locks of high-level concurrency objects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F05.lck03-j",{"title":2668,"path":2669,"stem":2670},"LCK04-J. Do not synchronize on a collection view if the backing collection is accessible","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F06.lck04-j",{"title":2672,"path":2673,"stem":2674},"LCK05-J. Synchronize access to static fields that can be modified by untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F07.lck05-j",{"title":2676,"path":2677,"stem":2678},"LCK06-J. Do not use an instance lock to protect shared static data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F08.lck06-j",{"title":2680,"path":2681,"stem":2682},"LCK07-J. Avoid deadlock by requesting and releasing locks in the same order","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F09.lck07-j",{"title":2684,"path":2685,"stem":2686},"LCK08-J. Ensure actively held locks are released on exceptional conditions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F10.lck08-j",{"title":2688,"path":2689,"stem":2690},"LCK09-J. Do not perform operations that can block while holding a lock","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F11.lck09-j",{"title":2692,"path":2693,"stem":2694},"LCK10-J. Use a correct form of the double-checked locking idiom","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F12.lck10-j",{"title":2696,"path":2697,"stem":2698},"LCK11-J. Avoid client-side locking when using classes that do not commit to their locking strategy","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F13.lck11-j",{"title":2700,"path":2701,"stem":2702,"children":2703},"Methods (MET)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F01.index",[2704,2705,2709,2713,2717,2721,2725,2729,2733,2737,2741,2745,2749,2753,2757],{"title":2700,"path":2701,"stem":2702},{"title":2706,"path":2707,"stem":2708},"MET00-J. Validate method arguments","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F02.met00-j",{"title":2710,"path":2711,"stem":2712},"MET01-J. Never use assertions to validate method arguments","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F03.met01-j",{"title":2714,"path":2715,"stem":2716},"MET02-J. Do not use deprecated or obsolete classes or methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F04.met02-j",{"title":2718,"path":2719,"stem":2720},"MET03-J. Methods that perform a security check must be declared private or final","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F05.met03-j",{"title":2722,"path":2723,"stem":2724},"MET04-J. Do not increase the accessibility of overridden or hidden methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F06.met04-j",{"title":2726,"path":2727,"stem":2728},"MET05-J. Ensure that constructors do not call overridable methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F07.met05-j",{"title":2730,"path":2731,"stem":2732},"MET06-J. Do not invoke overridable methods in clone()","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F08.met06-j",{"title":2734,"path":2735,"stem":2736},"MET07-J. Never declare a class method that hides a method declared in a superclass or superinterface","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F09.met07-j",{"title":2738,"path":2739,"stem":2740},"MET08-J. Preserve the equality contract when overriding the equals() method","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F10.met08-j",{"title":2742,"path":2743,"stem":2744},"MET09-J. Classes that define an equals() method must also define a hashCode() method","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F11.met09-j",{"title":2746,"path":2747,"stem":2748},"MET10-J. Follow the general contract when implementing the compareTo() method","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F12.met10-j",{"title":2750,"path":2751,"stem":2752},"MET11-J. Ensure that keys used in comparison operations are immutable","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F13.met11-j",{"title":2754,"path":2755,"stem":2756},"MET12-J. Do not use finalizers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet12-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F14.met12-j",{"title":2758,"path":2759,"stem":2760},"MET13-J. Do not assume that reassigning method arguments modifies the calling environment","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet13-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F15.met13-j",{"title":2762,"path":2763,"stem":2764,"children":2765},"Miscellaneous (MSC)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F01.index",[2766,2767,2771,2775,2779,2783,2787,2791,2795,2799,2803,2807,2811],{"title":2762,"path":2763,"stem":2764},{"title":2768,"path":2769,"stem":2770},"MSC00-J. Use SSLSocket rather than Socket for secure data exchange","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F02.msc00-j",{"title":2772,"path":2773,"stem":2774},"MSC01-J. Do not use an empty infinite loop","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F03.msc01-j",{"title":2776,"path":2777,"stem":2778},"MSC02-J. Generate strong random numbers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F04.msc02-j",{"title":2780,"path":2781,"stem":2782},"MSC03-J. Never hard code sensitive information","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F05.msc03-j",{"title":2784,"path":2785,"stem":2786},"MSC04-J. Do not leak memory","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F06.msc04-j",{"title":2788,"path":2789,"stem":2790},"MSC05-J. Do not exhaust heap space","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F07.msc05-j",{"title":2792,"path":2793,"stem":2794},"MSC06-J. Do not modify the underlying collection when an iteration is in progress","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F08.msc06-j",{"title":2796,"path":2797,"stem":2798},"MSC07-J. Prevent multiple instantiations of singleton objects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F09.msc07-j",{"title":2800,"path":2801,"stem":2802},"MSC08-J. Do not store nonserializable objects as attributes in an HTTP session","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F10.msc08-j",{"title":2804,"path":2805,"stem":2806},"MSC09-J. For OAuth, ensure (a) [relying party receiving user's ID in last step] is same as (b) [relying party the access token was granted to].","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F11.msc09-j",{"title":2808,"path":2809,"stem":2810},"MSC10-J. Do not use OAuth 2.0 implicit grant (unmodified) for authentication","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F12.msc10-j",{"title":2812,"path":2813,"stem":2814},"MSC11-J. Do not let session information leak within a servlet","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F13.msc11-j",{"title":2816,"path":2817,"stem":2818,"children":2819},"Numeric Types and Operations (NUM)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F01.index",[2820,2821,2825,2829,2833,2837,2841,2845,2849,2853,2857,2861,2865,2869],{"title":2816,"path":2817,"stem":2818},{"title":2822,"path":2823,"stem":2824},"NUM00-J. Detect or prevent integer overflow","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F02.num00-j",{"title":2826,"path":2827,"stem":2828},"NUM01-J. Do not perform bitwise and arithmetic operations on the same data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F03.num01-j",{"title":2830,"path":2831,"stem":2832},"NUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F04.num02-j",{"title":2834,"path":2835,"stem":2836},"NUM03-J. Use integer types that can fully represent the possible range of unsigned data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F05.num03-j",{"title":2838,"path":2839,"stem":2840},"NUM04-J. Do not use floating-point numbers if precise computation is required","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F06.num04-j",{"title":2842,"path":2843,"stem":2844},"NUM07-J. Do not attempt comparisons with NaN","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F07.num07-j",{"title":2846,"path":2847,"stem":2848},"NUM08-J. Check floating-point inputs for exceptional values","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F08.num08-j",{"title":2850,"path":2851,"stem":2852},"NUM09-J. Do not use floating-point variables as loop counters","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F09.num09-j",{"title":2854,"path":2855,"stem":2856},"NUM10-J. Do not construct BigDecimal objects from floating-point literals","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F10.num10-j",{"title":2858,"path":2859,"stem":2860},"NUM11-J. Do not compare or inspect the string representation of floating-point values","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F11.num11-j",{"title":2862,"path":2863,"stem":2864},"NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum12-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F12.num12-j",{"title":2866,"path":2867,"stem":2868},"NUM13-J. Avoid loss of precision when converting primitive integers to floating-point","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum13-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F13.num13-j",{"title":2870,"path":2871,"stem":2872},"NUM14-J. Use shift operators correctly","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum14-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F14.num14-j",{"title":2874,"path":2875,"stem":2876,"children":2877},"Object Orientation (OBJ)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F01.index",[2878,2879,2883,2887,2891,2895,2899,2903,2907,2911,2915,2919,2923,2927,2931],{"title":2874,"path":2875,"stem":2876},{"title":2880,"path":2881,"stem":2882},"OBJ01-J. Limit accessibility of fields","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F02.obj01-j",{"title":2884,"path":2885,"stem":2886},"OBJ02-J. Preserve dependencies in subclasses when changing superclasses","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F03.obj02-j",{"title":2888,"path":2889,"stem":2890},"OBJ03-J. Prevent heap pollution","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F04.obj03-j",{"title":2892,"path":2893,"stem":2894},"OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F05.obj04-j",{"title":2896,"path":2897,"stem":2898},"OBJ05-J. Do not return references to private mutable class members","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F06.obj05-j",{"title":2900,"path":2901,"stem":2902},"OBJ06-J. Defensively copy mutable inputs and mutable internal components","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F07.obj06-j",{"title":2904,"path":2905,"stem":2906},"OBJ07-J. Sensitive classes must not let themselves be copied","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F08.obj07-j",{"title":2908,"path":2909,"stem":2910},"OBJ08-J. Do not expose private members of an outer class from within a nested class","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F09.obj08-j",{"title":2912,"path":2913,"stem":2914},"OBJ09-J. Compare classes and not class names","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F10.obj09-j",{"title":2916,"path":2917,"stem":2918},"OBJ10-J. Do not use public static nonfinal fields","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F11.obj10-j",{"title":2920,"path":2921,"stem":2922},"OBJ11-J. Be wary of letting constructors throw exceptions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F12.obj11-j",{"title":2924,"path":2925,"stem":2926},"OBJ12-J. Respect object-based annotations","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj12-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F13.obj12-j",{"title":2928,"path":2929,"stem":2930},"OBJ13-J. Ensure that references to mutable objects are not exposed","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj13-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F14.obj13-j",{"title":2932,"path":2933,"stem":2934},"OBJ14-J. Do not use an object that has been freed.","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj14-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F15.obj14-j",{"title":2936,"path":2937,"stem":2938,"children":2939},"Platform Security (SEC)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F01.index",[2940,2941,2943,2947,2951,2953,2957,2959,2963,2967,2971,2975],{"title":2936,"path":2937,"stem":2938},{"title":286,"path":285,"stem":2942},"6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F02.sec00-j",{"title":2944,"path":2945,"stem":2946},"SEC01-J. Do not allow tainted variables in privileged blocks","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F03.sec01-j",{"title":2948,"path":2949,"stem":2950},"SEC02-J. Do not base security checks on untrusted sources","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F04.sec02-j",{"title":281,"path":280,"stem":2952},"6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F05.sec03-j",{"title":2954,"path":2955,"stem":2956},"SEC04-J. Protect sensitive operations with security manager checks","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F06.sec04-j",{"title":705,"path":704,"stem":2958},"6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F07.sec05-j",{"title":2960,"path":2961,"stem":2962},"SEC06-J. Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F08.sec06-j",{"title":2964,"path":2965,"stem":2966},"SEC07-J. Call the superclass's getPermissions() method when writing a custom class loader","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F09.sec07-j",{"title":2968,"path":2969,"stem":2970},"SEC08-J Trusted code must discard or clean any arguments provided by untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F10.sec08-j",{"title":2972,"path":2973,"stem":2974},"SEC09-J Never leak the results of certain standard API methods from trusted code to untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F11.sec09-j",{"title":2976,"path":2977,"stem":2978},"SEC10-J Never permit untrusted code to invoke any API that may (possibly transitively) invoke the reflection APIs","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F12.sec10-j",{"title":2980,"path":2981,"stem":2982,"children":2983},"Runtime Environment (ENV)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F1.index",[2984,2985,2989,2993,2997,3007,3011,3015],{"title":2980,"path":2981,"stem":2982},{"title":2986,"path":2987,"stem":2988},"ENV00-J. Do not sign code that performs only unprivileged operations","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F2.env00-j",{"title":2990,"path":2991,"stem":2992},"ENV01-J. Place all security-sensitive code in a single JAR and sign and seal it","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F3.env01-j",{"title":2994,"path":2995,"stem":2996},"ENV02-J. Do not trust the values of environment variables","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F4.env02-j",{"title":2998,"path":2999,"stem":3000,"children":3001},"ENV03-J. Do not grant dangerous combinations of permissions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F5.env03-j\u002F1.index",[3002,3003],{"title":2998,"path":2999,"stem":3000},{"title":3004,"path":3005,"stem":3006},"DUMMY ENV03-J","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv03-j\u002Fdummy-env03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F5.env03-j\u002F2.dummy-env03-j",{"title":3008,"path":3009,"stem":3010},"ENV04-J. Do not disable bytecode verification","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F6.env04-j",{"title":3012,"path":3013,"stem":3014},"ENV05-J. Do not deploy an application that can be remotely monitored","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F7.env05-j",{"title":3016,"path":3017,"stem":3018},"ENV06-J. Production code must not contain debugging entry points","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F8.env06-j",{"title":3020,"path":3021,"stem":3022,"children":3023},"Serialization (SER)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F01.index",[3024,3025,3029,3033,3037,3041,3045,3049,3053,3057,3061,3065,3069,3073],{"title":3020,"path":3021,"stem":3022},{"title":3026,"path":3027,"stem":3028},"SER00-J. Enable serialization compatibility during class evolution","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F02.ser00-j",{"title":3030,"path":3031,"stem":3032},"SER01-J. Do not deviate from the proper signatures of serialization methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F03.ser01-j",{"title":3034,"path":3035,"stem":3036},"SER02-J. Sign then seal objects before sending them outside a trust boundary","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F04.ser02-j",{"title":3038,"path":3039,"stem":3040},"SER03-J. Do not serialize unencrypted sensitive data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F05.ser03-j",{"title":3042,"path":3043,"stem":3044},"SER04-J. Do not allow serialization and deserialization to bypass the security manager","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F06.ser04-j",{"title":3046,"path":3047,"stem":3048},"SER05-J. Do not serialize instances of inner classes","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F07.ser05-j",{"title":3050,"path":3051,"stem":3052},"SER06-J. Make defensive copies of private mutable components during deserialization","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F08.ser06-j",{"title":3054,"path":3055,"stem":3056},"SER07-J. Do not use the default serialized form for classes with implementation-defined invariants","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F09.ser07-j",{"title":3058,"path":3059,"stem":3060},"SER08-J. Minimize privileges before deserializing from a privileged context","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F10.ser08-j",{"title":3062,"path":3063,"stem":3064},"SER09-J. Do not invoke overridable methods from the readObject() method","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F11.ser09-j",{"title":3066,"path":3067,"stem":3068},"SER10-J. Avoid memory and resource leaks during serialization","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F12.ser10-j",{"title":3070,"path":3071,"stem":3072},"SER11-J. Prevent overwriting of externalizable objects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F13.ser11-j",{"title":3074,"path":3075,"stem":3076},"SER12-J. Prevent deserialization of untrusted data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser12-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F14.ser12-j",{"title":3078,"path":3079,"stem":3080,"children":3081},"Thread APIs (THI)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F18.thread-apis-thi\u002F1.index",[3082,3083,3087,3091,3095,3099,3103],{"title":3078,"path":3079,"stem":3080},{"title":3084,"path":3085,"stem":3086},"THI00-J. Do not invoke Thread.run()","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi\u002Fthi00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F18.thread-apis-thi\u002F2.thi00-j",{"title":3088,"path":3089,"stem":3090},"THI01-J. Do not invoke ThreadGroup methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi\u002Fthi01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F18.thread-apis-thi\u002F3.thi01-j",{"title":3092,"path":3093,"stem":3094},"THI02-J. Notify all waiting threads rather than a single thread","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi\u002Fthi02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F18.thread-apis-thi\u002F4.thi02-j",{"title":3096,"path":3097,"stem":3098},"THI03-J. Always invoke wait() and await() methods inside a loop","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi\u002Fthi03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F18.thread-apis-thi\u002F5.thi03-j",{"title":3100,"path":3101,"stem":3102},"THI04-J. Ensure that threads performing blocking operations can be terminated","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi\u002Fthi04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F18.thread-apis-thi\u002F6.thi04-j",{"title":3104,"path":3105,"stem":3106},"THI05-J. Do not use Thread.stop() to terminate threads","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi\u002Fthi05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F18.thread-apis-thi\u002F7.thi05-j",{"title":3108,"path":3109,"stem":3110,"children":3111},"Thread Pools (TPS)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F19.thread-pools-tps\u002F1.index",[3112,3113,3117,3121,3125,3129],{"title":3108,"path":3109,"stem":3110},{"title":3114,"path":3115,"stem":3116},"TPS00-J. Use thread pools to enable graceful degradation of service during traffic bursts","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps\u002Ftps00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F19.thread-pools-tps\u002F2.tps00-j",{"title":3118,"path":3119,"stem":3120},"TPS01-J. Do not execute interdependent tasks in a bounded thread pool","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps\u002Ftps01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F19.thread-pools-tps\u002F3.tps01-j",{"title":3122,"path":3123,"stem":3124},"TPS02-J. Ensure that tasks submitted to a thread pool are interruptible","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps\u002Ftps02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F19.thread-pools-tps\u002F4.tps02-j",{"title":3126,"path":3127,"stem":3128},"TPS03-J. Ensure that tasks executing in a thread pool do not fail silently","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps\u002Ftps03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F19.thread-pools-tps\u002F5.tps03-j",{"title":3130,"path":3131,"stem":3132},"TPS04-J. Ensure ThreadLocal variables are reinitialized when using thread pools","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps\u002Ftps04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F19.thread-pools-tps\u002F6.tps04-j",{"title":3134,"path":3135,"stem":3136,"children":3137},"Thread-Safety Miscellaneous (TSM)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-safety-miscellaneous-tsm","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F20.thread-safety-miscellaneous-tsm\u002F1.index",[3138,3139,3143,3147,3151],{"title":3134,"path":3135,"stem":3136},{"title":3140,"path":3141,"stem":3142},"TSM00-J. Do not override thread-safe methods with methods that are not thread-safe","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-safety-miscellaneous-tsm\u002Ftsm00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F20.thread-safety-miscellaneous-tsm\u002F2.tsm00-j",{"title":3144,"path":3145,"stem":3146},"TSM01-J. Do not let the this reference escape during object construction","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-safety-miscellaneous-tsm\u002Ftsm01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F20.thread-safety-miscellaneous-tsm\u002F3.tsm01-j",{"title":3148,"path":3149,"stem":3150},"TSM02-J. Do not use background threads during class initialization","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-safety-miscellaneous-tsm\u002Ftsm02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F20.thread-safety-miscellaneous-tsm\u002F4.tsm02-j",{"title":3152,"path":3153,"stem":3154},"TSM03-J. Do not publish partially initialized objects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-safety-miscellaneous-tsm\u002Ftsm03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F20.thread-safety-miscellaneous-tsm\u002F5.tsm03-j",{"title":3156,"path":3157,"stem":3158,"children":3159},"Visibility and Atomicity (VNA)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fvisibility-and-atomicity-vna","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F21.visibility-and-atomicity-vna\u002F1.index",[3160,3161,3165,3169,3173,3177,3181],{"title":3156,"path":3157,"stem":3158},{"title":3162,"path":3163,"stem":3164},"VNA00-J. Ensure visibility when accessing shared primitive variables","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fvisibility-and-atomicity-vna\u002Fvna00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F21.visibility-and-atomicity-vna\u002F2.vna00-j",{"title":3166,"path":3167,"stem":3168},"VNA01-J. Ensure visibility of shared references to immutable objects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fvisibility-and-atomicity-vna\u002Fvna01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F21.visibility-and-atomicity-vna\u002F3.vna01-j",{"title":3170,"path":3171,"stem":3172},"VNA02-J. Ensure that compound operations on shared variables are atomic","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fvisibility-and-atomicity-vna\u002Fvna02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F21.visibility-and-atomicity-vna\u002F4.vna02-j",{"title":3174,"path":3175,"stem":3176},"VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fvisibility-and-atomicity-vna\u002Fvna03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F21.visibility-and-atomicity-vna\u002F5.vna03-j",{"title":3178,"path":3179,"stem":3180},"VNA04-J. Ensure that calls to chained methods are atomic","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fvisibility-and-atomicity-vna\u002Fvna04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F21.visibility-and-atomicity-vna\u002F6.vna04-j",{"title":3182,"path":3183,"stem":3184},"VNA05-J. Ensure atomicity when reading and writing 64-bit values","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fvisibility-and-atomicity-vna\u002Fvna05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F21.visibility-and-atomicity-vna\u002F7.vna05-j",{"title":3186,"path":3187,"stem":3188,"children":3189},"Recommendations","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F01.index",[3190,3191,3204,3222,3275,3300,3329,3350,3383,3416,3477,3502,3543],{"title":3186,"path":3187,"stem":3188},{"title":2364,"path":3192,"stem":3193,"children":3194},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fcharacters-and-strings-str","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F02.characters-and-strings-str\u002F1.index",[3195,3196,3200],{"title":2364,"path":3192,"stem":3193},{"title":3197,"path":3198,"stem":3199},"STR50-J. Use the appropriate method for counting characters in a string","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F02.characters-and-strings-str\u002F2.str50-j",{"title":3201,"path":3202,"stem":3203},"STR51-J. Use the charset encoder and decoder classes when more control over the encoding process is required","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F02.characters-and-strings-str\u002F3.str51-j",{"title":3205,"path":3206,"stem":3207,"children":3208},"Concurrency (CON)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fconcurrency-con","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F03.concurrency-con\u002F1.index",[3209,3210,3214,3218],{"title":3205,"path":3206,"stem":3207},{"title":3211,"path":3212,"stem":3213},"CON50-J. Do not assume that declaring a reference volatile guarantees safe publication of the members of the referenced object","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fconcurrency-con\u002Fcon50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F03.concurrency-con\u002F2.con50-j",{"title":3215,"path":3216,"stem":3217},"CON51-J. Do not assume that the sleep(), yield(), or getState() methods provide synchronization semantics","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fconcurrency-con\u002Fcon51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F03.concurrency-con\u002F3.con51-j",{"title":3219,"path":3220,"stem":3221},"CON52-J. Document thread-safety and use annotations where applicable","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fconcurrency-con\u002Fcon52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F03.concurrency-con\u002F4.con52-j",{"title":2390,"path":3223,"stem":3224,"children":3225},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F01.index",[3226,3227,3231,3235,3239,3243,3247,3251,3255,3259,3263,3267,3271],{"title":2390,"path":3223,"stem":3224},{"title":3228,"path":3229,"stem":3230},"DCL50-J. Use visually distinct identifiers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F02.dcl50-j",{"title":3232,"path":3233,"stem":3234},"DCL51-J. Do not shadow or obscure identifiers in subscopes","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F03.dcl51-j",{"title":3236,"path":3237,"stem":3238},"DCL52-J. Do not declare more than one variable per declaration","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F04.dcl52-j",{"title":3240,"path":3241,"stem":3242},"DCL53-J. Minimize the scope of variables","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F05.dcl53-j",{"title":3244,"path":3245,"stem":3246},"DCL54-J. Use meaningful symbolic constants to represent literal values in program logic","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F06.dcl54-j",{"title":3248,"path":3249,"stem":3250},"DCL55-J. Properly encode relationships in constant definitions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl55-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F07.dcl55-j",{"title":3252,"path":3253,"stem":3254},"DCL56-J. Do not attach significance to the ordinal associated with an enum","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl56-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F08.dcl56-j",{"title":3256,"path":3257,"stem":3258},"DCL57-J. Avoid ambiguous overloading of variable arity methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl57-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F09.dcl57-j",{"title":3260,"path":3261,"stem":3262},"DCL58-J. Enable compile-time type checking of variable arity parameter types","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl58-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F10.dcl58-j",{"title":3264,"path":3265,"stem":3266},"DCL59-J. Do not apply public final to constants whose value might change in later releases","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl59-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F11.dcl59-j",{"title":3268,"path":3269,"stem":3270},"DCL60-J. Avoid cyclic dependencies between packages","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl60-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F12.dcl60-j",{"title":3272,"path":3273,"stem":3274},"DCL61-J. Do not use raw types","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl61-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F13.dcl61-j",{"title":2408,"path":3276,"stem":3277,"children":3278},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexceptional-behavior-err","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F05.exceptional-behavior-err\u002F1.index",[3279,3280,3284,3288,3292,3296],{"title":2408,"path":3276,"stem":3277},{"title":3281,"path":3282,"stem":3283},"ERR50-J. Use exceptions only for exceptional conditions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexceptional-behavior-err\u002Ferr50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F05.exceptional-behavior-err\u002F2.err50-j",{"title":3285,"path":3286,"stem":3287},"ERR51-J. Prefer user-defined exceptions over more general exception types","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexceptional-behavior-err\u002Ferr51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F05.exceptional-behavior-err\u002F3.err51-j",{"title":3289,"path":3290,"stem":3291},"ERR52-J. Avoid in-band error indicators","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexceptional-behavior-err\u002Ferr52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F05.exceptional-behavior-err\u002F4.err52-j",{"title":3293,"path":3294,"stem":3295},"ERR53-J. Try to gracefully recover from system errors","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexceptional-behavior-err\u002Ferr53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F05.exceptional-behavior-err\u002F5.err53-j",{"title":3297,"path":3298,"stem":3299},"ERR54-J. Use a try-with-resources statement to safely handle closeable resources","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexceptional-behavior-err\u002Ferr54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F05.exceptional-behavior-err\u002F6.err54-j",{"title":2454,"path":3301,"stem":3302,"children":3303},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexpressions-exp","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F06.expressions-exp\u002F1.index",[3304,3305,3309,3313,3317,3321,3325],{"title":2454,"path":3301,"stem":3302},{"title":3306,"path":3307,"stem":3308},"EXP50-J. Do not confuse abstract object equality with reference equality","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexpressions-exp\u002Fexp50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F06.expressions-exp\u002F2.exp50-j",{"title":3310,"path":3311,"stem":3312},"EXP51-J. Do not perform assignments in conditional expressions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexpressions-exp\u002Fexp51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F06.expressions-exp\u002F3.exp51-j",{"title":3314,"path":3315,"stem":3316},"EXP52-J. Use braces for the body of an if, for, or while statement","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexpressions-exp\u002Fexp52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F06.expressions-exp\u002F4.exp52-j",{"title":3318,"path":3319,"stem":3320},"EXP53-J. Use parentheses for precedence of operation","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexpressions-exp\u002Fexp53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F06.expressions-exp\u002F5.exp53-j",{"title":3322,"path":3323,"stem":3324},"EXP54-J. Understand the differences between bitwise and logical operators","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexpressions-exp\u002Fexp54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F06.expressions-exp\u002F6.exp54-j",{"title":3326,"path":3327,"stem":3328},"EXP55-J. Use the same type for the second and third operands in conditional expressions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexpressions-exp\u002Fexp55-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F06.expressions-exp\u002F7.exp55-j",{"title":2492,"path":3330,"stem":3331,"children":3332},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-output-fio","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F07.input-output-fio\u002F1.index",[3333,3334,3338,3342,3346],{"title":2492,"path":3330,"stem":3331},{"title":3335,"path":3336,"stem":3337},"FIO50-J. Do not make assumptions about file creation","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-output-fio\u002Ffio50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F07.input-output-fio\u002F2.fio50-j",{"title":3339,"path":3340,"stem":3341},"FIO51-J. Identify files using multiple file attributes","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-output-fio\u002Ffio51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F07.input-output-fio\u002F3.fio51-j",{"title":3343,"path":3344,"stem":3345},"FIO52-J. Do not store unencrypted sensitive information on the client side","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-output-fio\u002Ffio52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F07.input-output-fio\u002F4.fio52-j",{"title":3347,"path":3348,"stem":3349},"FIO53-J. Use the serialization methods writeUnshared() and readUnshared() with care","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-output-fio\u002Ffio53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F07.input-output-fio\u002F5.fio53-j",{"title":2566,"path":3351,"stem":3352,"children":3353},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F1.index",[3354,3355,3359,3363,3367,3371,3375,3379],{"title":2566,"path":3351,"stem":3352},{"title":3356,"path":3357,"stem":3358},"IDS50-J. Use conservative file naming conventions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F2.ids50-j",{"title":3360,"path":3361,"stem":3362},"IDS51-J. Properly encode or escape output","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F3.ids51-j",{"title":3364,"path":3365,"stem":3366},"IDS52-J. Prevent code injection","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F4.ids52-j",{"title":3368,"path":3369,"stem":3370},"IDS53-J. Prevent XPath Injection","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F5.ids53-j",{"title":3372,"path":3373,"stem":3374},"IDS54-J. Prevent LDAP injection","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F6.ids54-j",{"title":3376,"path":3377,"stem":3378},"IDS55-J. Understand how escape characters are interpreted when strings are loaded","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids55-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F7.ids55-j",{"title":3380,"path":3381,"stem":3382},"IDS56-J. Prevent arbitrary file upload","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids56-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F8.ids56-j",{"title":2700,"path":3384,"stem":3385,"children":3386},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F1.index",[3387,3388,3392,3396,3400,3404,3408,3412],{"title":2700,"path":3384,"stem":3385},{"title":3389,"path":3390,"stem":3391},"MET50-J. Avoid ambiguous or confusing uses of overloading","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met\u002Fmet50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F2.met50-j",{"title":3393,"path":3394,"stem":3395},"MET51-J. Do not use overloaded methods to differentiate between runtime types","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met\u002Fmet51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F3.met51-j",{"title":3397,"path":3398,"stem":3399},"MET52-J. Do not use the clone() method to copy untrusted method parameters","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met\u002Fmet52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F4.met52-j",{"title":3401,"path":3402,"stem":3403},"MET53-J. Ensure that the clone() method calls super.clone()","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met\u002Fmet53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F5.met53-j",{"title":3405,"path":3406,"stem":3407},"MET54-J. Always provide feedback about the resulting value of a method","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met\u002Fmet54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F6.met54-j",{"title":3409,"path":3410,"stem":3411},"MET55-J. Return an empty array or collection instead of a null value for methods that return an array or collection","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met\u002Fmet55-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F7.met55-j",{"title":3413,"path":3414,"stem":3415},"MET56-J. Do not use Object.equals() to compare cryptographic keys","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met\u002Fmet56-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F8.met56-j",{"title":2762,"path":3417,"stem":3418,"children":3419},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F01.index",[3420,3421,3425,3429,3433,3437,3441,3445,3449,3453,3457,3461,3465,3469,3473],{"title":2762,"path":3417,"stem":3418},{"title":3422,"path":3423,"stem":3424},"MSC50-J. Minimize the scope of the @SuppressWarnings annotation","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F02.msc50-j",{"title":3426,"path":3427,"stem":3428},"MSC51-J. Do not place a semicolon immediately following an if, for, or while condition","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F03.msc51-j",{"title":3430,"path":3431,"stem":3432},"MSC52-J. Finish every set of statements associated with a case label with a break statement","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F04.msc52-j",{"title":3434,"path":3435,"stem":3436},"MSC53-J. Carefully design interfaces before releasing them","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F05.msc53-j",{"title":3438,"path":3439,"stem":3440},"MSC54-J. Avoid inadvertent wrapping of loop counters","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F06.msc54-j",{"title":3442,"path":3443,"stem":3444},"MSC55-J. Use comments consistently and in a readable fashion","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc55-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F07.msc55-j",{"title":3446,"path":3447,"stem":3448},"MSC56-J. Detect and remove superfluous code and values","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc56-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F08.msc56-j",{"title":3450,"path":3451,"stem":3452},"MSC57-J. Strive for logical completeness","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc57-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F09.msc57-j",{"title":3454,"path":3455,"stem":3456},"MSC58-J. Prefer using iterators over enumerations","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc58-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F10.msc58-j",{"title":3458,"path":3459,"stem":3460},"MSC59-J. Limit the lifetime of sensitive data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc59-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F11.msc59-j",{"title":3462,"path":3463,"stem":3464},"MSC60-J. Do not use assertions to verify the absence of runtime errors","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc60-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F12.msc60-j",{"title":3466,"path":3467,"stem":3468},"MSC61-J. Do not use insecure or weak cryptographic algorithms","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc61-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F13.msc61-j",{"title":3470,"path":3471,"stem":3472},"MSC62-J. Store passwords using a hash function","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc62-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F14.msc62-j",{"title":3474,"path":3475,"stem":3476},"MSC63-J. Ensure that SecureRandom is properly seeded","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc63-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F15.msc63-j",{"title":2816,"path":3478,"stem":3479,"children":3480},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fnumeric-types-and-operations-num","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F11.numeric-types-and-operations-num\u002F1.index",[3481,3482,3486,3490,3494,3498],{"title":2816,"path":3478,"stem":3479},{"title":3483,"path":3484,"stem":3485},"NUM50-J. Convert integers to floating point for floating-point operations","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fnumeric-types-and-operations-num\u002Fnum50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F11.numeric-types-and-operations-num\u002F2.num50-j",{"title":3487,"path":3488,"stem":3489},"NUM51-J. Do not assume that the remainder operator always returns a nonnegative result for integral operands","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fnumeric-types-and-operations-num\u002Fnum51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F11.numeric-types-and-operations-num\u002F3.num51-j",{"title":3491,"path":3492,"stem":3493},"NUM52-J. Be aware of numeric promotion behavior","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fnumeric-types-and-operations-num\u002Fnum52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F11.numeric-types-and-operations-num\u002F4.num52-j",{"title":3495,"path":3496,"stem":3497},"NUM53-J. Use the strictfp modifier for floating-point calculation consistency across platforms","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fnumeric-types-and-operations-num\u002Fnum53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F11.numeric-types-and-operations-num\u002F5.num53-j",{"title":3499,"path":3500,"stem":3501},"NUM54-J. Do not use denormalized numbers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fnumeric-types-and-operations-num\u002Fnum54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F11.numeric-types-and-operations-num\u002F6.num54-j",{"title":2874,"path":3503,"stem":3504,"children":3505},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F01.index",[3506,3507,3511,3515,3519,3523,3527,3531,3535,3539],{"title":2874,"path":3503,"stem":3504},{"title":3508,"path":3509,"stem":3510},"OBJ50-J. Never confuse the immutability of a reference with that of the referenced object","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F02.obj50-j",{"title":3512,"path":3513,"stem":3514},"OBJ51-J. Minimize the accessibility of classes and their members","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F03.obj51-j",{"title":3516,"path":3517,"stem":3518},"OBJ52-J. Write garbage-collection-friendly code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F04.obj52-j",{"title":3520,"path":3521,"stem":3522},"OBJ53-J. Do not use direct buffers for short-lived, infrequently used objects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F05.obj53-j",{"title":3524,"path":3525,"stem":3526},"OBJ54-J. Do not attempt to help the garbage collector by setting local reference variables to null","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F06.obj54-j",{"title":3528,"path":3529,"stem":3530},"OBJ55-J. Remove short-lived objects from long-lived container objects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj55-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F07.obj55-j",{"title":3532,"path":3533,"stem":3534},"OBJ56-J. Provide sensitive mutable classes with unmodifiable wrappers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj56-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F08.obj56-j",{"title":3536,"path":3537,"stem":3538},"OBJ57-J. Do not rely on methods that can be overridden by untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj57-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F09.obj57-j",{"title":3540,"path":3541,"stem":3542},"OBJ58-J. Limit the extensibility of classes and methods with invariants","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj58-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F10.obj58-j",{"title":2936,"path":3544,"stem":3545,"children":3546},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F01.index",[3547,3548,3552,3553,3554,3555,3559,3563,3567,3571],{"title":2936,"path":3544,"stem":3545},{"title":3549,"path":3550,"stem":3551},"SEC50-J. Avoid granting excess privileges","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F02.sec50-j",{"title":2201,"path":2147,"stem":2202},{"title":30,"path":2195,"stem":2197},{"title":2204,"path":2161,"stem":2205},{"title":3556,"path":3557,"stem":3558},"SEC54-J. Create a secure sandbox using a security manager","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F06.sec54-j",{"title":3560,"path":3561,"stem":3562},"SEC55-J. Ensure that security-sensitive methods are called with validated arguments","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec55-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F07.sec55-j",{"title":3564,"path":3565,"stem":3566},"SEC56-J. Do not serialize direct handles to system resources","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec56-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F08.sec56-j",{"title":3568,"path":3569,"stem":3570},"SEC57-J. Do not let untrusted code misuse privileges of callback methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec57-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F09.sec57-j",{"title":3572,"path":3573,"stem":3574},"SEC58-J. Deserialization methods should not perform potentially dangerous operations","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec58-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F10.sec58-j",{"title":3576,"path":3577,"stem":3578,"children":3579},"Back Matter","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F1.index",[3580,3581,3585,3589,3593,3597,3723,3749],{"title":3576,"path":3577,"stem":3578},{"title":3582,"path":3583,"stem":3584},"Rec. AA. References","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frec-aa-references","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F2.rec-aa-references",{"title":3586,"path":3587,"stem":3588},"Rec. BB. Definitions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frec-bb-definitions","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F3.rec-bb-definitions",{"title":3590,"path":3591,"stem":3592},"Rule AA. References","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-aa-references","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F4.rule-aa-references",{"title":3594,"path":3595,"stem":3596},"Rule BB. Glossary","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-bb-glossary","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F5.rule-bb-glossary",{"title":3598,"path":3599,"stem":3600,"children":3601},"Rule or Rec. CC. Analyzers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F01.index",[3602,3603,3607,3611,3615,3619,3623,3627,3631,3635,3639,3643,3647,3651,3655,3659,3663,3667,3671,3675,3679,3683,3687,3691,3695,3699,3703,3707,3711,3715,3719],{"title":3598,"path":3599,"stem":3600},{"title":3604,"path":3605,"stem":3606},"CodeSonar","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fcodesonar","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F02.codesonar",{"title":3608,"path":3609,"stem":3610},"CodeSonar_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fcodesonar_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F03.codesonar_v",{"title":3612,"path":3613,"stem":3614},"Coverity","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fcoverity","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F04.coverity",{"title":3616,"path":3617,"stem":3618},"Coverity_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fcoverity_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F05.coverity_v",{"title":3620,"path":3621,"stem":3622},"Eclipse","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Feclipse","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F06.eclipse",{"title":3624,"path":3625,"stem":3626},"Eclipse_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Feclipse_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F07.eclipse_v",{"title":3628,"path":3629,"stem":3630},"Error Prone","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Ferror-prone","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F08.error-prone",{"title":3632,"path":3633,"stem":3634},"Error Prone_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Ferror-prone_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F09.error-prone_v",{"title":3636,"path":3637,"stem":3638},"Findbugs","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Ffindbugs","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F10.findbugs",{"title":3640,"path":3641,"stem":3642},"Findbugs_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Ffindbugs_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F11.findbugs_v",{"title":3644,"path":3645,"stem":3646},"Fortify","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Ffortify","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F12.fortify",{"title":3648,"path":3649,"stem":3650},"Fortify_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Ffortify_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F13.fortify_v",{"title":3652,"path":3653,"stem":3654},"Klocwork","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fklocwork","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F14.klocwork",{"title":3656,"path":3657,"stem":3658},"Klocwork_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fklocwork_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F15.klocwork_v",{"title":3660,"path":3661,"stem":3662},"Parasoft","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fparasoft","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F16.parasoft",{"title":3664,"path":3665,"stem":3666},"Parasoft_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fparasoft_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F17.parasoft_v",{"title":3668,"path":3669,"stem":3670},"Pmd","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fpmd","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F18.pmd",{"title":3672,"path":3673,"stem":3674},"Pmd_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fpmd_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F19.pmd_v",{"title":3676,"path":3677,"stem":3678},"PVS-Studio","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fpvs-studio","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F20.pvs-studio",{"title":3680,"path":3681,"stem":3682},"PVS-Studio_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fpvs-studio_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F21.pvs-studio_v",{"title":3684,"path":3685,"stem":3686},"Security Reviewer - Static Reviewer","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fsecurity-reviewer-static-reviewer","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F22.security-reviewer-static-reviewer",{"title":3688,"path":3689,"stem":3690},"Security Reviewer - Static Reviewer_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fsecurity-reviewer-static-reviewer_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F23.security-reviewer-static-reviewer_v",{"title":3692,"path":3693,"stem":3694},"SonarQube","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fsonarqube","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F24.sonarqube",{"title":3696,"path":3697,"stem":3698},"SonarQube_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fsonarqube_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F25.sonarqube_v",{"title":3700,"path":3701,"stem":3702},"SpotBugs","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fspotbugs","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F26.spotbugs",{"title":3704,"path":3705,"stem":3706},"SpotBugs_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fspotbugs_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F27.spotbugs_v",{"title":3708,"path":3709,"stem":3710},"The Checker Framework","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fthe-checker-framework","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F28.the-checker-framework",{"title":3712,"path":3713,"stem":3714},"The Checker Framework_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fthe-checker-framework_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F29.the-checker-framework_v",{"title":3716,"path":3717,"stem":3718},"ThreadSafe","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fthreadsafe","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F30.threadsafe",{"title":3720,"path":3721,"stem":3722},"ThreadSafe_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fthreadsafe_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F31.threadsafe_v",{"title":3724,"path":3725,"stem":3726,"children":3727},"Rule or Rec. DD. Related Guidelines","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-dd-related-guidelines","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F7.rule-or-rec-dd-related-guidelines\u002F1.index",[3728,3729,3733,3737,3741,3745],{"title":3724,"path":3725,"stem":3726},{"title":3730,"path":3731,"stem":3732},"2010","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-dd-related-guidelines\u002F2.2010","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F7.rule-or-rec-dd-related-guidelines\u002F2.2010",{"title":3734,"path":3735,"stem":3736},"2013","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-dd-related-guidelines\u002F3.2013","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F7.rule-or-rec-dd-related-guidelines\u002F3.2013",{"title":3738,"path":3739,"stem":3740},"MITRE CAPEC","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-dd-related-guidelines\u002Fmitre-capec","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F7.rule-or-rec-dd-related-guidelines\u002F4.mitre-capec",{"title":3742,"path":3743,"stem":3744},"MITRE CWE","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-dd-related-guidelines\u002Fmitre-cwe","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F7.rule-or-rec-dd-related-guidelines\u002F5.mitre-cwe",{"title":3746,"path":3747,"stem":3748},"SECURE CODING GUIDELINES FOR JAVA SE, VERSION 5.0","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-dd-related-guidelines\u002Fsecure-coding-guidelines-for-java-se-version-50","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F7.rule-or-rec-dd-related-guidelines\u002F6.secure-coding-guidelines-for-java-se-version-50",{"title":3750,"path":3751,"stem":3752},"Rule or Rec. EE. Risk Assessments","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-ee-risk-assessments","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F8.rule-or-rec-ee-risk-assessments",{"title":3754,"path":3755,"stem":3756,"children":3757},"Admin","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fadmin","6.sei-cert-oracle-coding-standard-for-java\u002F6.admin\u002F1.index",[3758,3759,3763,3767,3771,3775],{"title":3754,"path":3755,"stem":3756},{"title":3760,"path":3761,"stem":3762},"All Guidelines with Classification","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fadmin\u002Fall-guidelines-with-classification","6.sei-cert-oracle-coding-standard-for-java\u002F6.admin\u002F2.all-guidelines-with-classification",{"title":3764,"path":3765,"stem":3766},"Normative Guidelines","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fadmin\u002Fnormative-guidelines","6.sei-cert-oracle-coding-standard-for-java\u002F6.admin\u002F3.normative-guidelines",{"title":3768,"path":3769,"stem":3770},"Tech-edit","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fadmin\u002Ftech-edit","6.sei-cert-oracle-coding-standard-for-java\u002F6.admin\u002F4.tech-edit",{"title":3772,"path":3773,"stem":3774},"TODO List","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fadmin\u002Ftodo-list","6.sei-cert-oracle-coding-standard-for-java\u002F6.admin\u002F5.todo-list",{"title":3772,"path":3773,"stem":3776},"6.sei-cert-oracle-coding-standard-for-java\u002F6.admin\u002F6.todo-list",1775657809815]