[{"data":1,"prerenderedAt":3727},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc11-j":28,"surround-\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc11-j":2158,"sidebar-sei-cert-oracle-coding-standard-for-java":2166},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":2146,"extension":2147,"meta":2148,"navigation":7,"path":2154,"seo":2155,"stem":2156,"__hash__":2157},"content\u002F6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F13.msc11-j.md","MSC11-J. Do not let session information leak within a servlet",{"type":32,"value":33,"toc":2136},"minimark",[34,38,47,82,89,94,101,676,700,703,711,765,768,781,1273,1277,1297,1794,1798,1801,1867,1871,2015,2019,2048,2052,2108,2111,2132],[35,36,30],"h1",{"id":37},"msc11-j-do-not-let-session-information-leak-within-a-servlet",[39,40,41,42,46],"p",{},"Java servlets often must store information associated with each client that connects to them. Using member fields in the ",[43,44,45],"code",{},"javax.servlet.http.HttpServlet"," to store information specific to individual clients is a common, simple practice. However, doing so is a mistake for the following reasons:",[48,49,50,71,79],"ul",{},[51,52,53,54,61,62,65,66,70],"li",{},"In any Java servlet container, such as ",[55,56,60],"a",{"href":57,"rel":58},"http:\u002F\u002Ftomcat.apache.org\u002F",[59],"nofollow","Apache Tomcat"," , ",[43,63,64],{},"HttpServlet"," is a singleton class (see ",[55,67,69],{"href":68},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc07-j","MSC07-J. Prevent multiple instantiations of singleton objects"," for information related to singleton classes). Therefore, there can be only one instance of member variables, even if they are not declared static.",[51,72,73,74,78],{},"A servlet container is permitted to invoke the servlet from multiple threads. Consequently, accessing fields in the servlet can lead to ",[55,75,77],{"href":76},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-bb-glossary","data races"," .",[51,80,81],{},"If two clients initiate sessions with the servlet, the servlet can leak information from one client to the other client.",[39,83,84,85,88],{},"Java servlets provide an ",[43,86,87],{},"HttpSession"," class for storing session-specific data, which is encoded in each web request. Use of this class prevents both cross-session information leakage and data races.",[90,91,93],"h2",{"id":92},"noncompliant-code-example","Noncompliant Code Example",[39,95,96,97,100],{},"This noncompliant code example creates a servlet that prompts the user for an email address, then repeats the address back to the user. The previous address is stored in the ",[43,98,99],{},"lastAddr"," variable, which is an instance field.",[102,103,105],"code-block",{"quality":104},"bad",[106,107,112],"pre",{"className":108,"code":109,"language":110,"meta":111,"style":111},"language-java shiki shiki-themes github-light github-dark monokai","public class SampleServlet extends HttpServlet {\n\n  private String lastAddr = \"nobody@nowhere.com\";\n\n  public void doGet(HttpServletRequest request, HttpServletResponse response)\n    throws IOException, ServletException {\n    response.setContentType(\"text\u002Fhtml\");\n    PrintWriter out = response.getWriter();\n    out.println(\"\u003Chtml>\");\n\n    String emailAddr = request.getParameter(\"emailAddr\");\n\n    if (emailAddr != null) {\n      out.println(\"Email Address:\");\n      out.println(sanitize(emailAddr));\n      out.println(\"\u003Cbr>Previous Address:\");\n      out.println(sanitize(lastAddr));\n    };\n\n    out.println(\"\u003Cp>\");\n    out.print(\"\u003Cform action=\\\"\");\n    out.print(\"SampleServlet\\\" \");\n    out.println(\"method=POST>\");\n    out.println(\"Parameter:\");\n    out.println(\"\u003Cinput type=text size=20 name=emailAddr>\");\n    out.println(\"\u003Cbr>\");\n    out.println(\"\u003Cinput type=submit>\");\n    out.println(\"\u003C\u002Fform>\");\n\n    lastAddr = emailAddr;\n  }\n\n  public void doPost(HttpServletRequest request, HttpServletResponse response)\n    throws IOException, ServletException {\n    doGet(request, response);\n  }\n\n  \u002F\u002F Filter the specified message string for characters\n  \u002F\u002F that are sensitive in HTML.\n  public static String sanitize(String message) {\n    \u002F\u002F ...\n  }\n}\n","java","",[43,113,114,141,147,170,175,211,227,244,264,280,285,309,314,333,348,363,377,391,397,402,416,437,456,470,484,498,512,526,540,545,556,562,567,591,604,613,618,623,630,636,659,665,670],{"__ignoreMap":111},[115,116,119,123,126,130,133,137],"span",{"class":117,"line":118},"line",1,[115,120,122],{"class":121},"sC2Qs","public",[115,124,125],{"class":121}," class",[115,127,129],{"class":128},"sz2Vg"," SampleServlet",[115,131,132],{"class":121}," extends",[115,134,136],{"class":135},"s30JN"," HttpServlet",[115,138,140],{"class":139},"sMOD_"," {\n",[115,142,144],{"class":117,"line":143},2,[115,145,146],{"emptyLinePlaceholder":7},"\n",[115,148,150,153,157,160,163,167],{"class":117,"line":149},3,[115,151,152],{"class":121},"  private",[115,154,156],{"class":155},"sk8M1"," String",[115,158,159],{"class":139}," lastAddr ",[115,161,162],{"class":121},"=",[115,164,166],{"class":165},"sstjo"," \"nobody@nowhere.com\"",[115,168,169],{"class":139},";\n",[115,171,173],{"class":117,"line":172},4,[115,174,146],{"emptyLinePlaceholder":7},[115,176,178,181,185,189,192,195,199,202,205,208],{"class":117,"line":177},5,[115,179,180],{"class":121},"  public",[115,182,184],{"class":183},"sq6CD"," void",[115,186,188],{"class":187},"srTi1"," doGet",[115,190,191],{"class":139},"(",[115,193,194],{"class":155},"HttpServletRequest",[115,196,198],{"class":197},"sTHNf"," request",[115,200,201],{"class":139},", ",[115,203,204],{"class":155},"HttpServletResponse",[115,206,207],{"class":197}," response",[115,209,210],{"class":139},")\n",[115,212,214,217,220,222,225],{"class":117,"line":213},6,[115,215,216],{"class":121},"    throws",[115,218,219],{"class":155}," IOException",[115,221,201],{"class":139},[115,223,224],{"class":155},"ServletException",[115,226,140],{"class":139},[115,228,230,233,236,238,241],{"class":117,"line":229},7,[115,231,232],{"class":139},"    response.",[115,234,235],{"class":187},"setContentType",[115,237,191],{"class":139},[115,239,240],{"class":165},"\"text\u002Fhtml\"",[115,242,243],{"class":139},");\n",[115,245,247,250,253,255,258,261],{"class":117,"line":246},8,[115,248,249],{"class":155},"    PrintWriter",[115,251,252],{"class":139}," out ",[115,254,162],{"class":121},[115,256,257],{"class":139}," response.",[115,259,260],{"class":187},"getWriter",[115,262,263],{"class":139},"();\n",[115,265,267,270,273,275,278],{"class":117,"line":266},9,[115,268,269],{"class":139},"    out.",[115,271,272],{"class":187},"println",[115,274,191],{"class":139},[115,276,277],{"class":165},"\"\u003Chtml>\"",[115,279,243],{"class":139},[115,281,283],{"class":117,"line":282},10,[115,284,146],{"emptyLinePlaceholder":7},[115,286,288,291,294,296,299,302,304,307],{"class":117,"line":287},11,[115,289,290],{"class":155},"    String",[115,292,293],{"class":139}," emailAddr ",[115,295,162],{"class":121},[115,297,298],{"class":139}," request.",[115,300,301],{"class":187},"getParameter",[115,303,191],{"class":139},[115,305,306],{"class":165},"\"emailAddr\"",[115,308,243],{"class":139},[115,310,312],{"class":117,"line":311},12,[115,313,146],{"emptyLinePlaceholder":7},[115,315,317,320,323,326,330],{"class":117,"line":316},13,[115,318,319],{"class":121},"    if",[115,321,322],{"class":139}," (emailAddr ",[115,324,325],{"class":121},"!=",[115,327,329],{"class":328},"s7F3e"," null",[115,331,332],{"class":139},") {\n",[115,334,336,339,341,343,346],{"class":117,"line":335},14,[115,337,338],{"class":139},"      out.",[115,340,272],{"class":187},[115,342,191],{"class":139},[115,344,345],{"class":165},"\"Email Address:\"",[115,347,243],{"class":139},[115,349,351,353,355,357,360],{"class":117,"line":350},15,[115,352,338],{"class":139},[115,354,272],{"class":187},[115,356,191],{"class":139},[115,358,359],{"class":187},"sanitize",[115,361,362],{"class":139},"(emailAddr));\n",[115,364,366,368,370,372,375],{"class":117,"line":365},16,[115,367,338],{"class":139},[115,369,272],{"class":187},[115,371,191],{"class":139},[115,373,374],{"class":165},"\"\u003Cbr>Previous Address:\"",[115,376,243],{"class":139},[115,378,380,382,384,386,388],{"class":117,"line":379},17,[115,381,338],{"class":139},[115,383,272],{"class":187},[115,385,191],{"class":139},[115,387,359],{"class":187},[115,389,390],{"class":139},"(lastAddr));\n",[115,392,394],{"class":117,"line":393},18,[115,395,396],{"class":139},"    };\n",[115,398,400],{"class":117,"line":399},19,[115,401,146],{"emptyLinePlaceholder":7},[115,403,405,407,409,411,414],{"class":117,"line":404},20,[115,406,269],{"class":139},[115,408,272],{"class":187},[115,410,191],{"class":139},[115,412,413],{"class":165},"\"\u003Cp>\"",[115,415,243],{"class":139},[115,417,419,421,424,426,429,432,435],{"class":117,"line":418},21,[115,420,269],{"class":139},[115,422,423],{"class":187},"print",[115,425,191],{"class":139},[115,427,428],{"class":165},"\"\u003Cform action=",[115,430,431],{"class":328},"\\\"",[115,433,434],{"class":165},"\"",[115,436,243],{"class":139},[115,438,440,442,444,446,449,451,454],{"class":117,"line":439},22,[115,441,269],{"class":139},[115,443,423],{"class":187},[115,445,191],{"class":139},[115,447,448],{"class":165},"\"SampleServlet",[115,450,431],{"class":328},[115,452,453],{"class":165}," \"",[115,455,243],{"class":139},[115,457,459,461,463,465,468],{"class":117,"line":458},23,[115,460,269],{"class":139},[115,462,272],{"class":187},[115,464,191],{"class":139},[115,466,467],{"class":165},"\"method=POST>\"",[115,469,243],{"class":139},[115,471,473,475,477,479,482],{"class":117,"line":472},24,[115,474,269],{"class":139},[115,476,272],{"class":187},[115,478,191],{"class":139},[115,480,481],{"class":165},"\"Parameter:\"",[115,483,243],{"class":139},[115,485,487,489,491,493,496],{"class":117,"line":486},25,[115,488,269],{"class":139},[115,490,272],{"class":187},[115,492,191],{"class":139},[115,494,495],{"class":165},"\"\u003Cinput type=text size=20 name=emailAddr>\"",[115,497,243],{"class":139},[115,499,501,503,505,507,510],{"class":117,"line":500},26,[115,502,269],{"class":139},[115,504,272],{"class":187},[115,506,191],{"class":139},[115,508,509],{"class":165},"\"\u003Cbr>\"",[115,511,243],{"class":139},[115,513,515,517,519,521,524],{"class":117,"line":514},27,[115,516,269],{"class":139},[115,518,272],{"class":187},[115,520,191],{"class":139},[115,522,523],{"class":165},"\"\u003Cinput type=submit>\"",[115,525,243],{"class":139},[115,527,529,531,533,535,538],{"class":117,"line":528},28,[115,530,269],{"class":139},[115,532,272],{"class":187},[115,534,191],{"class":139},[115,536,537],{"class":165},"\"\u003C\u002Fform>\"",[115,539,243],{"class":139},[115,541,543],{"class":117,"line":542},29,[115,544,146],{"emptyLinePlaceholder":7},[115,546,548,551,553],{"class":117,"line":547},30,[115,549,550],{"class":139},"    lastAddr ",[115,552,162],{"class":121},[115,554,555],{"class":139}," emailAddr;\n",[115,557,559],{"class":117,"line":558},31,[115,560,561],{"class":139},"  }\n",[115,563,565],{"class":117,"line":564},32,[115,566,146],{"emptyLinePlaceholder":7},[115,568,570,572,574,577,579,581,583,585,587,589],{"class":117,"line":569},33,[115,571,180],{"class":121},[115,573,184],{"class":183},[115,575,576],{"class":187}," doPost",[115,578,191],{"class":139},[115,580,194],{"class":155},[115,582,198],{"class":197},[115,584,201],{"class":139},[115,586,204],{"class":155},[115,588,207],{"class":197},[115,590,210],{"class":139},[115,592,594,596,598,600,602],{"class":117,"line":593},34,[115,595,216],{"class":121},[115,597,219],{"class":155},[115,599,201],{"class":139},[115,601,224],{"class":155},[115,603,140],{"class":139},[115,605,607,610],{"class":117,"line":606},35,[115,608,609],{"class":187},"    doGet",[115,611,612],{"class":139},"(request, response);\n",[115,614,616],{"class":117,"line":615},36,[115,617,561],{"class":139},[115,619,621],{"class":117,"line":620},37,[115,622,146],{"emptyLinePlaceholder":7},[115,624,626],{"class":117,"line":625},38,[115,627,629],{"class":628},"s8-w5","  \u002F\u002F Filter the specified message string for characters\n",[115,631,633],{"class":117,"line":632},39,[115,634,635],{"class":628},"  \u002F\u002F that are sensitive in HTML.\n",[115,637,639,641,644,646,649,651,654,657],{"class":117,"line":638},40,[115,640,180],{"class":121},[115,642,643],{"class":121}," static",[115,645,156],{"class":155},[115,647,648],{"class":187}," sanitize",[115,650,191],{"class":139},[115,652,653],{"class":155},"String",[115,655,656],{"class":197}," message",[115,658,332],{"class":139},[115,660,662],{"class":117,"line":661},41,[115,663,664],{"class":628},"    \u002F\u002F ...\n",[115,666,668],{"class":117,"line":667},42,[115,669,561],{"class":139},[115,671,673],{"class":117,"line":672},43,[115,674,675],{"class":139},"}\n",[39,677,678,679,681,682,684,685,687,688,692,693,695,696,78],{},"Because the ",[43,680,64],{}," class is a singleton, there is only one ",[43,683,99],{}," field shared by every client who accesses the servlet. Consequently, the contents of the ",[43,686,99],{}," field can be the previous setting of the field by a different client. Also, because this code example lacks ",[55,689,691],{"href":690},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-bb-glossary#RuleBB.Glossary-thread-safe","thread-safety"," , it is possible for the ",[43,694,99],{}," field to take on a stale value should two clients request the parameter simultaneously, which violates ",[55,697,699],{"href":698},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fvisibility-and-atomicity-vna\u002Fvna01-j","VNA01-J. Ensure visibility of shared references to immutable objects",[90,701,93],{"id":702},"noncompliant-code-example-1",[39,704,705,706,708,709,78],{},"In this noncompliant code example, the ",[43,707,99],{}," field is static. It more accurately reflects the fact that there is never more than a single instance of the field. However, this code has the same behavior as the previous noncompliant code example and also violates ",[55,710,699],{"href":698},[102,712,713],{"quality":104},[106,714,716],{"className":108,"code":715,"language":110,"meta":111,"style":111},"public class SampleServlet extends HttpServlet {\n\n  private static String lastAddr = \"nobody@nowhere.com\";\n\n  \u002F\u002F ... Other methods unchanged\n}\n",[43,717,718,732,736,752,756,761],{"__ignoreMap":111},[115,719,720,722,724,726,728,730],{"class":117,"line":118},[115,721,122],{"class":121},[115,723,125],{"class":121},[115,725,129],{"class":128},[115,727,132],{"class":121},[115,729,136],{"class":135},[115,731,140],{"class":139},[115,733,734],{"class":117,"line":143},[115,735,146],{"emptyLinePlaceholder":7},[115,737,738,740,742,744,746,748,750],{"class":117,"line":149},[115,739,152],{"class":121},[115,741,643],{"class":121},[115,743,156],{"class":155},[115,745,159],{"class":139},[115,747,162],{"class":121},[115,749,166],{"class":165},[115,751,169],{"class":139},[115,753,754],{"class":117,"line":172},[115,755,146],{"emptyLinePlaceholder":7},[115,757,758],{"class":117,"line":177},[115,759,760],{"class":628},"  \u002F\u002F ... Other methods unchanged\n",[115,762,763],{"class":117,"line":213},[115,764,675],{"class":139},[90,766,93],{"id":767},"noncompliant-code-example-2",[39,769,705,770,772,773,777,778,780],{},[43,771,99],{}," field is static and is protected from concurrent access by a separate lock object, as is recommended by ",[55,774,776],{"href":775},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck00-j","LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code"," . This approach guarantees ",[55,779,691],{"href":690}," in the servlet. However, the servlet can still return the email address provided by a different session.",[102,782,783],{"quality":104},[106,784,786],{"className":108,"code":785,"language":110,"meta":111,"style":111},"public class SampleServlet extends HttpServlet {\n \n  private static String lastAddr = \"nobody@nowhere.com\";\n  private static final Object lastAddrLock = new Object();\n\n  public void doGet(HttpServletRequest request, HttpServletResponse response)\n    throws IOException, ServletException {\n    response.setContentType(\"text\u002Fhtml\");\n    PrintWriter out = response.getWriter();\n    out.println(\"\u003Chtml>\");\n \n    String emailAddr = request.getParameter(\"emailAddr\");\n \n    if (emailAddr != null) {\n      out.println(\"Email Address::\");\n      out.println(sanitize(emailAddr));\n      synchronized (lock) {\n        out.println(\"\u003Cbr>Previous Email Address::\");\n        out.println(sanitize(lastAddr));\n      }\n    };\n \n    out.println(\"\u003Cp>\");\n    out.print(\"\u003Cform action=\\\"\");\n    out.print(\"SampleServlet\\\" \");\n    out.println(\"method=POST>\");\n    out.println(\"Parameter:\");\n    out.println(\"\u003Cinput type=text size=20 name=emailAddr>\");\n    out.println(\"\u003Cbr>\");\n    out.println(\"\u003Cinput type=submit>\");\n    out.println(\"\u003C\u002Fform>\");\n \n    synchronized (lock) {\n      lastAddr = emailAddr;\n    }\n  }\n \n  public void doPost(HttpServletRequest request, HttpServletResponse response)\n    throws IOException, ServletException {\n    doGet(request, response);\n  }\n\n  \u002F\u002F Filter the specified message string for characters\n  \u002F\u002F that are sensitive in HTML.\n  public static String sanitize(String message) {\n    \u002F\u002F ...\n  }\n}\n",[43,787,788,802,807,823,847,851,873,885,897,911,923,927,945,949,961,974,986,994,1008,1020,1025,1029,1033,1045,1061,1077,1089,1101,1113,1125,1137,1149,1153,1160,1169,1174,1178,1182,1204,1216,1222,1226,1230,1234,1239,1258,1263,1268],{"__ignoreMap":111},[115,789,790,792,794,796,798,800],{"class":117,"line":118},[115,791,122],{"class":121},[115,793,125],{"class":121},[115,795,129],{"class":128},[115,797,132],{"class":121},[115,799,136],{"class":135},[115,801,140],{"class":139},[115,803,804],{"class":117,"line":143},[115,805,806],{"class":139}," \n",[115,808,809,811,813,815,817,819,821],{"class":117,"line":149},[115,810,152],{"class":121},[115,812,643],{"class":121},[115,814,156],{"class":155},[115,816,159],{"class":139},[115,818,162],{"class":121},[115,820,166],{"class":165},[115,822,169],{"class":139},[115,824,825,827,829,832,835,838,840,843,845],{"class":117,"line":172},[115,826,152],{"class":121},[115,828,643],{"class":121},[115,830,831],{"class":121}," final",[115,833,834],{"class":155}," Object",[115,836,837],{"class":139}," lastAddrLock ",[115,839,162],{"class":121},[115,841,842],{"class":121}," new",[115,844,834],{"class":187},[115,846,263],{"class":139},[115,848,849],{"class":117,"line":177},[115,850,146],{"emptyLinePlaceholder":7},[115,852,853,855,857,859,861,863,865,867,869,871],{"class":117,"line":213},[115,854,180],{"class":121},[115,856,184],{"class":183},[115,858,188],{"class":187},[115,860,191],{"class":139},[115,862,194],{"class":155},[115,864,198],{"class":197},[115,866,201],{"class":139},[115,868,204],{"class":155},[115,870,207],{"class":197},[115,872,210],{"class":139},[115,874,875,877,879,881,883],{"class":117,"line":229},[115,876,216],{"class":121},[115,878,219],{"class":155},[115,880,201],{"class":139},[115,882,224],{"class":155},[115,884,140],{"class":139},[115,886,887,889,891,893,895],{"class":117,"line":246},[115,888,232],{"class":139},[115,890,235],{"class":187},[115,892,191],{"class":139},[115,894,240],{"class":165},[115,896,243],{"class":139},[115,898,899,901,903,905,907,909],{"class":117,"line":266},[115,900,249],{"class":155},[115,902,252],{"class":139},[115,904,162],{"class":121},[115,906,257],{"class":139},[115,908,260],{"class":187},[115,910,263],{"class":139},[115,912,913,915,917,919,921],{"class":117,"line":282},[115,914,269],{"class":139},[115,916,272],{"class":187},[115,918,191],{"class":139},[115,920,277],{"class":165},[115,922,243],{"class":139},[115,924,925],{"class":117,"line":287},[115,926,806],{"class":139},[115,928,929,931,933,935,937,939,941,943],{"class":117,"line":311},[115,930,290],{"class":155},[115,932,293],{"class":139},[115,934,162],{"class":121},[115,936,298],{"class":139},[115,938,301],{"class":187},[115,940,191],{"class":139},[115,942,306],{"class":165},[115,944,243],{"class":139},[115,946,947],{"class":117,"line":316},[115,948,806],{"class":139},[115,950,951,953,955,957,959],{"class":117,"line":335},[115,952,319],{"class":121},[115,954,322],{"class":139},[115,956,325],{"class":121},[115,958,329],{"class":328},[115,960,332],{"class":139},[115,962,963,965,967,969,972],{"class":117,"line":350},[115,964,338],{"class":139},[115,966,272],{"class":187},[115,968,191],{"class":139},[115,970,971],{"class":165},"\"Email Address::\"",[115,973,243],{"class":139},[115,975,976,978,980,982,984],{"class":117,"line":365},[115,977,338],{"class":139},[115,979,272],{"class":187},[115,981,191],{"class":139},[115,983,359],{"class":187},[115,985,362],{"class":139},[115,987,988,991],{"class":117,"line":379},[115,989,990],{"class":121},"      synchronized",[115,992,993],{"class":139}," (lock) {\n",[115,995,996,999,1001,1003,1006],{"class":117,"line":393},[115,997,998],{"class":139},"        out.",[115,1000,272],{"class":187},[115,1002,191],{"class":139},[115,1004,1005],{"class":165},"\"\u003Cbr>Previous Email Address::\"",[115,1007,243],{"class":139},[115,1009,1010,1012,1014,1016,1018],{"class":117,"line":399},[115,1011,998],{"class":139},[115,1013,272],{"class":187},[115,1015,191],{"class":139},[115,1017,359],{"class":187},[115,1019,390],{"class":139},[115,1021,1022],{"class":117,"line":404},[115,1023,1024],{"class":139},"      }\n",[115,1026,1027],{"class":117,"line":418},[115,1028,396],{"class":139},[115,1030,1031],{"class":117,"line":439},[115,1032,806],{"class":139},[115,1034,1035,1037,1039,1041,1043],{"class":117,"line":458},[115,1036,269],{"class":139},[115,1038,272],{"class":187},[115,1040,191],{"class":139},[115,1042,413],{"class":165},[115,1044,243],{"class":139},[115,1046,1047,1049,1051,1053,1055,1057,1059],{"class":117,"line":472},[115,1048,269],{"class":139},[115,1050,423],{"class":187},[115,1052,191],{"class":139},[115,1054,428],{"class":165},[115,1056,431],{"class":328},[115,1058,434],{"class":165},[115,1060,243],{"class":139},[115,1062,1063,1065,1067,1069,1071,1073,1075],{"class":117,"line":486},[115,1064,269],{"class":139},[115,1066,423],{"class":187},[115,1068,191],{"class":139},[115,1070,448],{"class":165},[115,1072,431],{"class":328},[115,1074,453],{"class":165},[115,1076,243],{"class":139},[115,1078,1079,1081,1083,1085,1087],{"class":117,"line":500},[115,1080,269],{"class":139},[115,1082,272],{"class":187},[115,1084,191],{"class":139},[115,1086,467],{"class":165},[115,1088,243],{"class":139},[115,1090,1091,1093,1095,1097,1099],{"class":117,"line":514},[115,1092,269],{"class":139},[115,1094,272],{"class":187},[115,1096,191],{"class":139},[115,1098,481],{"class":165},[115,1100,243],{"class":139},[115,1102,1103,1105,1107,1109,1111],{"class":117,"line":528},[115,1104,269],{"class":139},[115,1106,272],{"class":187},[115,1108,191],{"class":139},[115,1110,495],{"class":165},[115,1112,243],{"class":139},[115,1114,1115,1117,1119,1121,1123],{"class":117,"line":542},[115,1116,269],{"class":139},[115,1118,272],{"class":187},[115,1120,191],{"class":139},[115,1122,509],{"class":165},[115,1124,243],{"class":139},[115,1126,1127,1129,1131,1133,1135],{"class":117,"line":547},[115,1128,269],{"class":139},[115,1130,272],{"class":187},[115,1132,191],{"class":139},[115,1134,523],{"class":165},[115,1136,243],{"class":139},[115,1138,1139,1141,1143,1145,1147],{"class":117,"line":558},[115,1140,269],{"class":139},[115,1142,272],{"class":187},[115,1144,191],{"class":139},[115,1146,537],{"class":165},[115,1148,243],{"class":139},[115,1150,1151],{"class":117,"line":564},[115,1152,806],{"class":139},[115,1154,1155,1158],{"class":117,"line":569},[115,1156,1157],{"class":121},"    synchronized",[115,1159,993],{"class":139},[115,1161,1162,1165,1167],{"class":117,"line":593},[115,1163,1164],{"class":139},"      lastAddr ",[115,1166,162],{"class":121},[115,1168,555],{"class":139},[115,1170,1171],{"class":117,"line":606},[115,1172,1173],{"class":139},"    }\n",[115,1175,1176],{"class":117,"line":615},[115,1177,561],{"class":139},[115,1179,1180],{"class":117,"line":620},[115,1181,806],{"class":139},[115,1183,1184,1186,1188,1190,1192,1194,1196,1198,1200,1202],{"class":117,"line":625},[115,1185,180],{"class":121},[115,1187,184],{"class":183},[115,1189,576],{"class":187},[115,1191,191],{"class":139},[115,1193,194],{"class":155},[115,1195,198],{"class":197},[115,1197,201],{"class":139},[115,1199,204],{"class":155},[115,1201,207],{"class":197},[115,1203,210],{"class":139},[115,1205,1206,1208,1210,1212,1214],{"class":117,"line":632},[115,1207,216],{"class":121},[115,1209,219],{"class":155},[115,1211,201],{"class":139},[115,1213,224],{"class":155},[115,1215,140],{"class":139},[115,1217,1218,1220],{"class":117,"line":638},[115,1219,609],{"class":187},[115,1221,612],{"class":139},[115,1223,1224],{"class":117,"line":661},[115,1225,561],{"class":139},[115,1227,1228],{"class":117,"line":667},[115,1229,146],{"emptyLinePlaceholder":7},[115,1231,1232],{"class":117,"line":672},[115,1233,629],{"class":628},[115,1235,1237],{"class":117,"line":1236},44,[115,1238,635],{"class":628},[115,1240,1242,1244,1246,1248,1250,1252,1254,1256],{"class":117,"line":1241},45,[115,1243,180],{"class":121},[115,1245,643],{"class":121},[115,1247,156],{"class":155},[115,1249,648],{"class":187},[115,1251,191],{"class":139},[115,1253,653],{"class":155},[115,1255,656],{"class":197},[115,1257,332],{"class":139},[115,1259,1261],{"class":117,"line":1260},46,[115,1262,664],{"class":628},[115,1264,1266],{"class":117,"line":1265},47,[115,1267,561],{"class":139},[115,1269,1271],{"class":117,"line":1270},48,[115,1272,675],{"class":139},[90,1274,1276],{"id":1275},"compliant-solution","Compliant Solution",[39,1278,1279,1280,1282,1283,1285,1286,1288,1289,1291,1292,1296],{},"This compliant solution stores the ",[43,1281,99],{}," parameter in the ",[43,1284,87],{}," object, which is provided as part of the ",[43,1287,194],{}," . The servlet mechanism keeps track of the session, providing the client with the session's ID, which is stored as a cookie by the client's browser. The other information in the session, including the ",[43,1290,99],{}," attribute, is stored by the server. Consequently, the servlet provides the last email address that was presented to the servlet in the same session (avoiding ",[55,1293,1295],{"href":1294},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-bb-glossary#RuleBB.Glossary-racecon","race conditions"," with requests from other sessions). The local variables, which temporarily hold data in this example, are not vulnerable to race conditions.",[102,1298,1300],{"quality":1299},"good",[106,1301,1303],{"className":108,"code":1302,"language":110,"meta":111,"style":111},"public class SampleServlet extends HttpServlet {\n\n  public void doGet(HttpServletRequest request, HttpServletResponse response)\n    throws IOException, ServletException {\n    response.setContentType(\"text\u002Fhtml\");\n    PrintWriter out = response.getWriter();\n    out.println(\"\u003Chtml>\");\n\n    String emailAddr = request.getParameter(\"emailAddr\");\n    HttpSession session = request.getSession();\n    Object attr = session.getAttribute(\"lastAddr\");\n    String lastAddr = (attr == null) ? \"null\" : attr.toString();\n\n    if (emailAddr != null) {\n      out.println(\"Email Address::\");\n      out.println(sanitize(emailAddr));\n      out.println(\"\u003Cbr>Previous Email Address::\");\n      out.println(sanitize(lastAddr));\n    };\n\n    out.println(\"\u003Cp>\");\n    out.print(\"\u003Cform action=\\\"\");\n    out.print(\"SampleServlet\\\" \");\n    out.println(\"method=POST>\");\n    out.println(\"Parameter:\");\n    out.println(\"\u003Cinput type=text size=20 name=emailAddr>\");\n    out.println(\"\u003Cbr>\");\n    out.println(\"\u003Cinput type=submit>\");\n    out.println(\"\u003C\u002Fform>\");\n\n    session.setAttribute(\"lastAddr\", emailAddr);\n  }\n\n  public void doPost(HttpServletRequest request, HttpServletResponse response)\n    throws IOException, ServletException {\n    doGet(request, response);\n  }\n\n  \u002F\u002F Filter the specified message string for characters\n  \u002F\u002F that are sensitive in HTML.\n  public static String sanitize(String message) {\n    \u002F\u002F ...\n  }\n}\n",[43,1304,1305,1319,1323,1345,1357,1369,1383,1395,1399,1417,1434,1457,1493,1497,1509,1521,1533,1545,1557,1561,1565,1577,1593,1609,1621,1633,1645,1657,1669,1681,1685,1700,1704,1708,1730,1742,1748,1752,1756,1760,1764,1782,1786,1790],{"__ignoreMap":111},[115,1306,1307,1309,1311,1313,1315,1317],{"class":117,"line":118},[115,1308,122],{"class":121},[115,1310,125],{"class":121},[115,1312,129],{"class":128},[115,1314,132],{"class":121},[115,1316,136],{"class":135},[115,1318,140],{"class":139},[115,1320,1321],{"class":117,"line":143},[115,1322,146],{"emptyLinePlaceholder":7},[115,1324,1325,1327,1329,1331,1333,1335,1337,1339,1341,1343],{"class":117,"line":149},[115,1326,180],{"class":121},[115,1328,184],{"class":183},[115,1330,188],{"class":187},[115,1332,191],{"class":139},[115,1334,194],{"class":155},[115,1336,198],{"class":197},[115,1338,201],{"class":139},[115,1340,204],{"class":155},[115,1342,207],{"class":197},[115,1344,210],{"class":139},[115,1346,1347,1349,1351,1353,1355],{"class":117,"line":172},[115,1348,216],{"class":121},[115,1350,219],{"class":155},[115,1352,201],{"class":139},[115,1354,224],{"class":155},[115,1356,140],{"class":139},[115,1358,1359,1361,1363,1365,1367],{"class":117,"line":177},[115,1360,232],{"class":139},[115,1362,235],{"class":187},[115,1364,191],{"class":139},[115,1366,240],{"class":165},[115,1368,243],{"class":139},[115,1370,1371,1373,1375,1377,1379,1381],{"class":117,"line":213},[115,1372,249],{"class":155},[115,1374,252],{"class":139},[115,1376,162],{"class":121},[115,1378,257],{"class":139},[115,1380,260],{"class":187},[115,1382,263],{"class":139},[115,1384,1385,1387,1389,1391,1393],{"class":117,"line":229},[115,1386,269],{"class":139},[115,1388,272],{"class":187},[115,1390,191],{"class":139},[115,1392,277],{"class":165},[115,1394,243],{"class":139},[115,1396,1397],{"class":117,"line":246},[115,1398,146],{"emptyLinePlaceholder":7},[115,1400,1401,1403,1405,1407,1409,1411,1413,1415],{"class":117,"line":266},[115,1402,290],{"class":155},[115,1404,293],{"class":139},[115,1406,162],{"class":121},[115,1408,298],{"class":139},[115,1410,301],{"class":187},[115,1412,191],{"class":139},[115,1414,306],{"class":165},[115,1416,243],{"class":139},[115,1418,1419,1422,1425,1427,1429,1432],{"class":117,"line":282},[115,1420,1421],{"class":155},"    HttpSession",[115,1423,1424],{"class":139}," session ",[115,1426,162],{"class":121},[115,1428,298],{"class":139},[115,1430,1431],{"class":187},"getSession",[115,1433,263],{"class":139},[115,1435,1436,1439,1442,1444,1447,1450,1452,1455],{"class":117,"line":287},[115,1437,1438],{"class":155},"    Object",[115,1440,1441],{"class":139}," attr ",[115,1443,162],{"class":121},[115,1445,1446],{"class":139}," session.",[115,1448,1449],{"class":187},"getAttribute",[115,1451,191],{"class":139},[115,1453,1454],{"class":165},"\"lastAddr\"",[115,1456,243],{"class":139},[115,1458,1459,1461,1463,1465,1468,1471,1473,1476,1479,1482,1485,1488,1491],{"class":117,"line":311},[115,1460,290],{"class":155},[115,1462,159],{"class":139},[115,1464,162],{"class":121},[115,1466,1467],{"class":139}," (attr ",[115,1469,1470],{"class":121},"==",[115,1472,329],{"class":328},[115,1474,1475],{"class":139},") ",[115,1477,1478],{"class":121},"?",[115,1480,1481],{"class":165}," \"null\"",[115,1483,1484],{"class":121}," :",[115,1486,1487],{"class":139}," attr.",[115,1489,1490],{"class":187},"toString",[115,1492,263],{"class":139},[115,1494,1495],{"class":117,"line":316},[115,1496,146],{"emptyLinePlaceholder":7},[115,1498,1499,1501,1503,1505,1507],{"class":117,"line":335},[115,1500,319],{"class":121},[115,1502,322],{"class":139},[115,1504,325],{"class":121},[115,1506,329],{"class":328},[115,1508,332],{"class":139},[115,1510,1511,1513,1515,1517,1519],{"class":117,"line":350},[115,1512,338],{"class":139},[115,1514,272],{"class":187},[115,1516,191],{"class":139},[115,1518,971],{"class":165},[115,1520,243],{"class":139},[115,1522,1523,1525,1527,1529,1531],{"class":117,"line":365},[115,1524,338],{"class":139},[115,1526,272],{"class":187},[115,1528,191],{"class":139},[115,1530,359],{"class":187},[115,1532,362],{"class":139},[115,1534,1535,1537,1539,1541,1543],{"class":117,"line":379},[115,1536,338],{"class":139},[115,1538,272],{"class":187},[115,1540,191],{"class":139},[115,1542,1005],{"class":165},[115,1544,243],{"class":139},[115,1546,1547,1549,1551,1553,1555],{"class":117,"line":393},[115,1548,338],{"class":139},[115,1550,272],{"class":187},[115,1552,191],{"class":139},[115,1554,359],{"class":187},[115,1556,390],{"class":139},[115,1558,1559],{"class":117,"line":399},[115,1560,396],{"class":139},[115,1562,1563],{"class":117,"line":404},[115,1564,146],{"emptyLinePlaceholder":7},[115,1566,1567,1569,1571,1573,1575],{"class":117,"line":418},[115,1568,269],{"class":139},[115,1570,272],{"class":187},[115,1572,191],{"class":139},[115,1574,413],{"class":165},[115,1576,243],{"class":139},[115,1578,1579,1581,1583,1585,1587,1589,1591],{"class":117,"line":439},[115,1580,269],{"class":139},[115,1582,423],{"class":187},[115,1584,191],{"class":139},[115,1586,428],{"class":165},[115,1588,431],{"class":328},[115,1590,434],{"class":165},[115,1592,243],{"class":139},[115,1594,1595,1597,1599,1601,1603,1605,1607],{"class":117,"line":458},[115,1596,269],{"class":139},[115,1598,423],{"class":187},[115,1600,191],{"class":139},[115,1602,448],{"class":165},[115,1604,431],{"class":328},[115,1606,453],{"class":165},[115,1608,243],{"class":139},[115,1610,1611,1613,1615,1617,1619],{"class":117,"line":472},[115,1612,269],{"class":139},[115,1614,272],{"class":187},[115,1616,191],{"class":139},[115,1618,467],{"class":165},[115,1620,243],{"class":139},[115,1622,1623,1625,1627,1629,1631],{"class":117,"line":486},[115,1624,269],{"class":139},[115,1626,272],{"class":187},[115,1628,191],{"class":139},[115,1630,481],{"class":165},[115,1632,243],{"class":139},[115,1634,1635,1637,1639,1641,1643],{"class":117,"line":500},[115,1636,269],{"class":139},[115,1638,272],{"class":187},[115,1640,191],{"class":139},[115,1642,495],{"class":165},[115,1644,243],{"class":139},[115,1646,1647,1649,1651,1653,1655],{"class":117,"line":514},[115,1648,269],{"class":139},[115,1650,272],{"class":187},[115,1652,191],{"class":139},[115,1654,509],{"class":165},[115,1656,243],{"class":139},[115,1658,1659,1661,1663,1665,1667],{"class":117,"line":528},[115,1660,269],{"class":139},[115,1662,272],{"class":187},[115,1664,191],{"class":139},[115,1666,523],{"class":165},[115,1668,243],{"class":139},[115,1670,1671,1673,1675,1677,1679],{"class":117,"line":542},[115,1672,269],{"class":139},[115,1674,272],{"class":187},[115,1676,191],{"class":139},[115,1678,537],{"class":165},[115,1680,243],{"class":139},[115,1682,1683],{"class":117,"line":547},[115,1684,146],{"emptyLinePlaceholder":7},[115,1686,1687,1690,1693,1695,1697],{"class":117,"line":558},[115,1688,1689],{"class":139},"    session.",[115,1691,1692],{"class":187},"setAttribute",[115,1694,191],{"class":139},[115,1696,1454],{"class":165},[115,1698,1699],{"class":139},", emailAddr);\n",[115,1701,1702],{"class":117,"line":564},[115,1703,561],{"class":139},[115,1705,1706],{"class":117,"line":569},[115,1707,146],{"emptyLinePlaceholder":7},[115,1709,1710,1712,1714,1716,1718,1720,1722,1724,1726,1728],{"class":117,"line":593},[115,1711,180],{"class":121},[115,1713,184],{"class":183},[115,1715,576],{"class":187},[115,1717,191],{"class":139},[115,1719,194],{"class":155},[115,1721,198],{"class":197},[115,1723,201],{"class":139},[115,1725,204],{"class":155},[115,1727,207],{"class":197},[115,1729,210],{"class":139},[115,1731,1732,1734,1736,1738,1740],{"class":117,"line":606},[115,1733,216],{"class":121},[115,1735,219],{"class":155},[115,1737,201],{"class":139},[115,1739,224],{"class":155},[115,1741,140],{"class":139},[115,1743,1744,1746],{"class":117,"line":615},[115,1745,609],{"class":187},[115,1747,612],{"class":139},[115,1749,1750],{"class":117,"line":620},[115,1751,561],{"class":139},[115,1753,1754],{"class":117,"line":625},[115,1755,146],{"emptyLinePlaceholder":7},[115,1757,1758],{"class":117,"line":632},[115,1759,629],{"class":628},[115,1761,1762],{"class":117,"line":638},[115,1763,635],{"class":628},[115,1765,1766,1768,1770,1772,1774,1776,1778,1780],{"class":117,"line":661},[115,1767,180],{"class":121},[115,1769,643],{"class":121},[115,1771,156],{"class":155},[115,1773,648],{"class":187},[115,1775,191],{"class":139},[115,1777,653],{"class":155},[115,1779,656],{"class":197},[115,1781,332],{"class":139},[115,1783,1784],{"class":117,"line":667},[115,1785,664],{"class":628},[115,1787,1788],{"class":117,"line":672},[115,1789,561],{"class":139},[115,1791,1792],{"class":117,"line":1236},[115,1793,675],{"class":139},[90,1795,1797],{"id":1796},"risk-assessment","Risk Assessment",[39,1799,1800],{},"Use of nonstatic member fields in a servlet can result in information leakage.",[1802,1803,1804,1805,1804,1835],"table",{},"\n  ",[1806,1807,1808,1809,1804],"thead",{},"\n    ",[1810,1811,1812,1813,1812,1817,1812,1820,1812,1823,1812,1826,1812,1829,1812,1832,1808],"tr",{},"\n      ",[1814,1815,1816],"th",{},"Rule",[1814,1818,1819],{},"Severity",[1814,1821,1822],{},"Likelihood",[1814,1824,1825],{},"Detectable",[1814,1827,1828],{},"Repairable",[1814,1830,1831],{},"Priority",[1814,1833,1834],{},"Level",[1836,1837,1808,1838,1804],"tbody",{},[1810,1839,1812,1840,1812,1844,1812,1847,1812,1850,1812,1853,1812,1855,1812,1862,1808],{},[1841,1842,1843],"td",{},"MSC11-J",[1841,1845,1846],{},"Medium",[1841,1848,1849],{},"Likely",[1841,1851,1852],{},"No",[1841,1854,1852],{},[1841,1856,1858],{"style":1857},"color: #f1c40f;",[1859,1860,1861],"b",{},"P6",[1841,1863,1864],{"style":1857},[1859,1865,1866],{},"L2",[90,1868,1870],{"id":1869},"automated-detection","Automated Detection",[1802,1872,1875,1888,1906],{"className":1873},[1874],"wrapped",[1876,1877,1878,1882,1884,1886],"colgroup",{},[1879,1880],"col",{"style":1881},"width: 25%",[1879,1883],{"style":1881},[1879,1885],{"style":1881},[1879,1887],{"style":1881},[1806,1889,1890],{},[1810,1891,1894,1897,1900,1903],{"className":1892},[1893],"header",[1814,1895,1896],{},"Tool",[1814,1898,1899],{},"Version",[1814,1901,1902],{},"Checker",[1814,1904,1905],{},"Description",[1836,1907,1908,1941,1960,1988],{},[1810,1909,1912,1915,1918,1938],{"className":1910},[1911],"odd",[1841,1913,1914],{},"Findbugs",[1841,1916,1917],{},"2.0.3",[1841,1919,1920],{},[39,1921,1922,1929,1930,1929,1935],{},[1923,1924,1925,1926],"strong",{},"MSF_MUTABLE_SERVLET_FIELD",[1927,1928],"br",{}," ",[1923,1931,1932,1933],{},"MTIA_SUSPECT_STRUTS_INSTANCE_FIELD",[1927,1934],{},[1923,1936,1937],{},"MTIA_SUSPECT_SERVLET_INSTANCE_FIELD",[1841,1939,1940],{},"Implemented",[1810,1942,1945,1948,1951,1958],{"className":1943},[1944],"even",[1841,1946,1947],{},"Fortify",[1841,1949,1950],{},"6.10.0120",[1841,1952,1953],{},[39,1954,1955],{},[1923,1956,1957],{},"Singleton_Member_Field",[1841,1959,1940],{},[1810,1961,1963,1970,1980,1985],{"className":1962},[1911],[1841,1964,1966],{"style":1965},"text-align: left;",[55,1967,1969],{"href":1968},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fsecurity-reviewer-static-reviewer","Security Reviewer - Static Reviewer",[1841,1971,1972],{"style":1965},[1973,1974,1977],"div",{"className":1975},[1976],"content-wrapper",[39,1978,1979],{},"6.02",[1841,1981,1982],{"style":1965},[1923,1983,1984],{},"JAVA_04",[1841,1986,1987],{"style":1965},"Full Implementation",[1810,1989,1991,1997,2003,2011],{"className":1990},[1944],[1841,1992,1993],{},[55,1994,1996],{"href":1995},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fsonarqube","SonarQube",[1841,1998,1999],{},[1973,2000,2002],{"className":2001},[1976],"9.9",[1841,2004,2005],{},[1923,2006,2007],{},[55,2008,2010],{"href":2009},"https:\u002F\u002Fwww.sonarsource.com\u002Fproducts\u002Fcodeanalyzers\u002Fsonarjava\u002Frules.html#RSPEC-2226","S2226",[1841,2012,2013],{},[1927,2014],{},[90,2016,2018],{"id":2017},"related-guidelines","Related Guidelines",[1802,2020,2021,2029],{},[1806,2022,2023],{},[1810,2024,2025,2027],{},[1814,2026],{},[1814,2028],{},[1836,2030,2031],{},[1810,2032,2033,2040],{},[1841,2034,2035],{},[55,2036,2039],{"href":2037,"rel":2038},"http:\u002F\u002Fcwe.mitre.org\u002F",[59],"MITRE CWE",[1841,2041,2042,2047],{},[55,2043,2046],{"href":2044,"rel":2045},"http:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F543.html",[59],"CWE-543"," , Use of Singleton Pattern Without Synchronization in a Multithreaded Context",[90,2049,2051],{"id":2050},"bibliography","Bibliography",[1802,2053,2054,2062],{},[1806,2055,2056],{},[1810,2057,2058,2060],{},[1814,2059],{},[1814,2061],{},[1836,2063,2064,2079,2094],{},[1810,2065,2066,2074],{},[1841,2067,2068,2069,2073],{},"[ ",[55,2070,2072],{"href":2071},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-aa-references#RuleAA.References-Apac","Apache 2015"," ]",[1841,2075,2076],{},[55,2077,60],{"href":57,"rel":2078},[59],[1810,2080,2081,2087],{},[1841,2082,2068,2083,2073],{},[55,2084,2086],{"href":2085},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-aa-references#RuleAA.References-Fortify14","Fortify 2014",[1841,2088,2089],{},[55,2090,2093],{"href":2091,"rel":2092},"http:\u002F\u002Fwww.hpenterprisesecurity.com\u002Fvulncat\u002Fen\u002Fvulncat\u002Fjava\u002Fsingleton_member_field_race_condition.html",[59],"Fortify Diagnostic",[1810,2095,2096,2102],{},[1841,2097,2068,2098,2073],{},[55,2099,2101],{"href":2100},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-aa-references","J2EE API 2013",[1841,2103,2104],{},[55,2105,194],{"href":2106,"rel":2107},"http:\u002F\u002Fdocs.oracle.com\u002Fjavaee\u002F6\u002Fapi\u002Findex.html?javax\u002Fservlet\u002Fhttp\u002FHttpServletRequest.html",[59],[2109,2110],"hr",{},[39,2112,2113,1929,2120,1929,2126],{},[55,2114,2116],{"href":2115},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc10-j",[2117,2118],"img",{"src":2119},"\u002Fattachments\u002F88487702\u002F88497198.png",[55,2121,2123],{"href":2122},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fpages\u002Fviewpage.action?pageId=47677814",[2117,2124],{"src":2125},"\u002Fattachments\u002F88487702\u002F88497196.png",[55,2127,2129],{"href":2128},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fandroid-drd",[2117,2130],{"src":2131},"\u002Fattachments\u002F88487702\u002F88497197.png",[2133,2134,2135],"style",{},"html pre.shiki code .sC2Qs, html code.shiki .sC2Qs{--shiki-default:#D73A49;--shiki-dark:#F97583;--shiki-sepia:#F92672}html pre.shiki code .sz2Vg, html code.shiki .sz2Vg{--shiki-default:#6F42C1;--shiki-default-text-decoration:inherit;--shiki-dark:#B392F0;--shiki-dark-text-decoration:inherit;--shiki-sepia:#A6E22E;--shiki-sepia-text-decoration:underline}html pre.shiki code .s30JN, html code.shiki .s30JN{--shiki-default:#6F42C1;--shiki-default-font-style:inherit;--shiki-default-text-decoration:inherit;--shiki-dark:#B392F0;--shiki-dark-font-style:inherit;--shiki-dark-text-decoration:inherit;--shiki-sepia:#A6E22E;--shiki-sepia-font-style:italic;--shiki-sepia-text-decoration:underline}html pre.shiki code .sMOD_, html code.shiki .sMOD_{--shiki-default:#24292E;--shiki-dark:#E1E4E8;--shiki-sepia:#F8F8F2}html pre.shiki code .sk8M1, html code.shiki .sk8M1{--shiki-default:#24292E;--shiki-default-font-style:inherit;--shiki-dark:#E1E4E8;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .sstjo, html code.shiki .sstjo{--shiki-default:#032F62;--shiki-dark:#9ECBFF;--shiki-sepia:#E6DB74}html pre.shiki code .sq6CD, html code.shiki .sq6CD{--shiki-default:#D73A49;--shiki-default-font-style:inherit;--shiki-dark:#F97583;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .srTi1, html code.shiki .srTi1{--shiki-default:#6F42C1;--shiki-dark:#B392F0;--shiki-sepia:#A6E22E}html pre.shiki code .sTHNf, html code.shiki .sTHNf{--shiki-default:#E36209;--shiki-default-font-style:inherit;--shiki-dark:#FFAB70;--shiki-dark-font-style:inherit;--shiki-sepia:#FD971F;--shiki-sepia-font-style:italic}html pre.shiki code .s7F3e, html code.shiki .s7F3e{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#AE81FF}html pre.shiki code .s8-w5, html code.shiki .s8-w5{--shiki-default:#6A737D;--shiki-dark:#6A737D;--shiki-sepia:#88846F}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html .sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html.sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}",{"title":111,"searchDepth":143,"depth":143,"links":2137},[2138,2139,2140,2141,2142,2143,2144,2145],{"id":92,"depth":143,"text":93},{"id":702,"depth":143,"text":93},{"id":767,"depth":143,"text":93},{"id":1275,"depth":143,"text":1276},{"id":1796,"depth":143,"text":1797},{"id":1869,"depth":143,"text":1870},{"id":2017,"depth":143,"text":2018},{"id":2050,"depth":143,"text":2051},"Java servlets often must store information associated with each client that connects to them. Using member fields in the javax.servlet.http.HttpServlet to store information specific to individual clients is a common, simple practice. However, doing so is a mistake for the following reasons:","md",{"tags":2149},[2150,2151,2152,2153],"draft","rule","incomplete","msc","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc11-j",{"title":30,"description":2146},"6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F13.msc11-j","GPSE_pHkaSgKBQuRiiqZcu3MOhQyHkTjSRnwlnavLUA",[2159,2162],{"title":2160,"path":2115,"stem":2161,"children":-1},"MSC10-J. Do not use OAuth 2.0 implicit grant (unmodified) for authentication","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F12.msc10-j",{"title":2163,"path":2164,"stem":2165,"children":-1},"Numeric Types and Operations (NUM)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F01.index",[2167],{"title":2168,"path":2169,"stem":2170,"children":2171},"SEI CERT Oracle Coding Standard for Java","\u002Fsei-cert-oracle-coding-standard-for-java","6.sei-cert-oracle-coding-standard-for-java\u002F1.index",[2172,2173,2313,3135,3534,3703],{"title":2168,"path":2169,"stem":2170},{"title":2174,"path":2175,"stem":2176,"children":2177},"Front Matter","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F1.index",[2178,2179,2183,2187,2191,2237,2275],{"title":2174,"path":2175,"stem":2176},{"title":2180,"path":2181,"stem":2182},"Rules versus Recommendations (Java)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frules-versus-recommendations-java","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F2.rules-versus-recommendations-java",{"title":2184,"path":2185,"stem":2186},"Acknowledgments","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Facknowledgments","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F3.acknowledgments",{"title":2188,"path":2189,"stem":2190},"Deprecations","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Fdeprecations","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.deprecations",{"title":2192,"path":2193,"stem":2194,"children":2195},"Rec. Preface","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F01.index",[2196,2197,2201,2205,2209,2213,2217,2221,2225,2229,2233],{"title":2192,"path":2193,"stem":2194},{"title":2198,"path":2199,"stem":2200},"Scope","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fscope","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F02.scope",{"title":2202,"path":2203,"stem":2204},"Audience","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Faudience","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F03.audience",{"title":2206,"path":2207,"stem":2208},"Contents and Organization","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fcontents-and-organization","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F05.contents-and-organization",{"title":2210,"path":2211,"stem":2212},"Guidelines","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fguidelines","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F06.guidelines",{"title":2214,"path":2215,"stem":2216},"Usage","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fusage","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F07.usage",{"title":2218,"path":2219,"stem":2220},"System Qualities","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fsystem-qualities","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F08.system-qualities",{"title":2222,"path":2223,"stem":2224},"Priority and Levels","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fpriority-and-levels","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F09.priority-and-levels",{"title":2226,"path":2227,"stem":2228},"Automatically Generated Code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fautomatically-generated-code","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F10.automatically-generated-code",{"title":2230,"path":2231,"stem":2232},"Source Code Validation","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fsource-code-validation","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F11.source-code-validation",{"title":2234,"path":2235,"stem":2236},"Tool Selection and Validation","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Ftool-selection-and-validation","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F12.tool-selection-and-validation",{"title":2238,"path":2239,"stem":2240,"children":2241},"Rule. Introduction","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F01.index",[2242,2243,2247,2251,2255,2259,2263,2267,2271],{"title":2238,"path":2239,"stem":2240},{"title":2244,"path":2245,"stem":2246},"Input Validation and Data Sanitization","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Finput-validation-and-data-sanitization","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F02.input-validation-and-data-sanitization",{"title":2248,"path":2249,"stem":2250},"Leaking Sensitive Data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Fleaking-sensitive-data","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F03.leaking-sensitive-data",{"title":2252,"path":2253,"stem":2254},"Type Safety","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Ftype-safety","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F04.type-safety",{"title":2256,"path":2257,"stem":2258},"Leaking Capabilities","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Fleaking-capabilities","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F05.leaking-capabilities",{"title":2260,"path":2261,"stem":2262},"Denial of Service","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Fdenial-of-service","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F06.denial-of-service",{"title":2264,"path":2265,"stem":2266},"Libraries","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Flibraries","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F07.libraries",{"title":2268,"path":2269,"stem":2270},"Concurrency, Visibility, and Memory","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Fconcurrency-visibility-and-memory","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F08.concurrency-visibility-and-memory",{"title":2272,"path":2273,"stem":2274},"Privilege Escalation","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Fprivilege-escalation","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F09.privilege-escalation",{"title":2276,"path":2277,"stem":2278,"children":2279},"Rule. Preface","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F01.index",[2280,2281,2284,2287,2290,2294,2297,2300,2303,2306,2310],{"title":2276,"path":2277,"stem":2278},{"title":2198,"path":2282,"stem":2283},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fscope","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F02.scope",{"title":2202,"path":2285,"stem":2286},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Faudience","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F03.audience",{"title":2206,"path":2288,"stem":2289},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fcontents-and-organization","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F04.contents-and-organization",{"title":2291,"path":2292,"stem":2293},"Identifiers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fidentifiers","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F05.identifiers",{"title":2214,"path":2295,"stem":2296},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fusage","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F06.usage",{"title":2218,"path":2298,"stem":2299},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fsystem-qualities","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F07.system-qualities",{"title":2222,"path":2301,"stem":2302},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fpriority-and-levels","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F08.priority-and-levels",{"title":2226,"path":2304,"stem":2305},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fautomatically-generated-code","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F09.automatically-generated-code",{"title":2307,"path":2308,"stem":2309},"Conformance Testing","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fconformance-testing","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F10.conformance-testing",{"title":2234,"path":2311,"stem":2312},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Ftool-selection-and-validation","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F11.tool-selection-and-validation",{"title":2314,"path":2315,"stem":2316,"children":2317},"Rules","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F01.index",[2318,2319,2322,2348,2366,2412,2450,2524,2578,2604,2656,2718,2764,2819,2881,2931,2971,3029,3059,3085,3107],{"title":2314,"path":2315,"stem":2316},{"title":2320,"path":2128,"stem":2321},"Android (DRD)","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F02.android-drd",{"title":2323,"path":2324,"stem":2325,"children":2326},"Characters and Strings (STR)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fcharacters-and-strings-str","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F03.characters-and-strings-str\u002F1.index",[2327,2328,2332,2336,2340,2344],{"title":2323,"path":2324,"stem":2325},{"title":2329,"path":2330,"stem":2331},"STR00-J. Don't form strings containing partial characters from variable-width encodings","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fcharacters-and-strings-str\u002Fstr00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F03.characters-and-strings-str\u002F2.str00-j",{"title":2333,"path":2334,"stem":2335},"STR01-J. Do not assume that a Java char fully represents a Unicode code point","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fcharacters-and-strings-str\u002Fstr01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F03.characters-and-strings-str\u002F3.str01-j",{"title":2337,"path":2338,"stem":2339},"STR02-J. Specify an appropriate locale when comparing locale-dependent data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fcharacters-and-strings-str\u002Fstr02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F03.characters-and-strings-str\u002F4.str02-j",{"title":2341,"path":2342,"stem":2343},"STR03-J. Do not encode noncharacter data as a string","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fcharacters-and-strings-str\u002Fstr03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F03.characters-and-strings-str\u002F5.str03-j",{"title":2345,"path":2346,"stem":2347},"STR04-J. Use compatible character encodings when communicating string data between JVMs","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fcharacters-and-strings-str\u002Fstr04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F03.characters-and-strings-str\u002F6.str04-j",{"title":2349,"path":2350,"stem":2351,"children":2352},"Declarations and Initialization (DCL)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fdeclarations-and-initialization-dcl","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F04.declarations-and-initialization-dcl\u002F1.index",[2353,2354,2358,2362],{"title":2349,"path":2350,"stem":2351},{"title":2355,"path":2356,"stem":2357},"DCL00-J. Prevent class initialization cycles","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F04.declarations-and-initialization-dcl\u002F2.dcl00-j",{"title":2359,"path":2360,"stem":2361},"DCL01-J. Do not reuse public identifiers from the Java Standard Library","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F04.declarations-and-initialization-dcl\u002F3.dcl01-j",{"title":2363,"path":2364,"stem":2365},"DCL02-J. Do not modify the collection's elements during an enhanced for statement","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F04.declarations-and-initialization-dcl\u002F4.dcl02-j",{"title":2367,"path":2368,"stem":2369,"children":2370},"Exceptional Behavior (ERR)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F01.index",[2371,2372,2376,2380,2384,2388,2392,2396,2400,2404,2408],{"title":2367,"path":2368,"stem":2369},{"title":2373,"path":2374,"stem":2375},"ERR00-J. Do not suppress or ignore checked exceptions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F02.err00-j",{"title":2377,"path":2378,"stem":2379},"ERR01-J. Do not allow exceptions to expose sensitive information","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F03.err01-j",{"title":2381,"path":2382,"stem":2383},"ERR02-J. Prevent exceptions while logging data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F04.err02-j",{"title":2385,"path":2386,"stem":2387},"ERR03-J. Restore prior object state on method failure","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F05.err03-j",{"title":2389,"path":2390,"stem":2391},"ERR04-J. Do not complete abruptly from a finally block","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F06.err04-j",{"title":2393,"path":2394,"stem":2395},"ERR05-J. Do not let checked exceptions escape from a finally block","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F07.err05-j",{"title":2397,"path":2398,"stem":2399},"ERR06-J. Do not throw undeclared checked exceptions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F08.err06-j",{"title":2401,"path":2402,"stem":2403},"ERR07-J. Do not throw RuntimeException, Exception, or Throwable","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F09.err07-j",{"title":2405,"path":2406,"stem":2407},"ERR08-J. Do not catch NullPointerException or any of its ancestors","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F10.err08-j",{"title":2409,"path":2410,"stem":2411},"ERR09-J. Do not allow untrusted code to terminate the JVM","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F11.err09-j",{"title":2413,"path":2414,"stem":2415,"children":2416},"Expressions (EXP)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F1.index",[2417,2418,2422,2426,2430,2434,2438,2442,2446],{"title":2413,"path":2414,"stem":2415},{"title":2419,"path":2420,"stem":2421},"EXP00-J. Do not ignore values returned by methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F2.exp00-j",{"title":2423,"path":2424,"stem":2425},"EXP01-J. Do not use a null in a case where an object is required","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F3.exp01-j",{"title":2427,"path":2428,"stem":2429},"EXP02-J. Do not use the Object.equals() method to compare two arrays","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F4.exp02-j",{"title":2431,"path":2432,"stem":2433},"EXP03-J. Do not use the equality operators when comparing values of boxed primitives","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F5.exp03-j",{"title":2435,"path":2436,"stem":2437},"EXP04-J. Do not pass arguments to certain Java Collections Framework methods that are a different type than the collection parameter type","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F6.exp04-j",{"title":2439,"path":2440,"stem":2441},"EXP05-J. Do not follow a write by a subsequent write or read of the same object within an expression","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F7.exp05-j",{"title":2443,"path":2444,"stem":2445},"EXP06-J. Expressions used in assertions must not produce side effects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F8.exp06-j",{"title":2447,"path":2448,"stem":2449},"EXP07-J. Prevent loss of useful data due to weak references","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F9.exp07-j",{"title":2451,"path":2452,"stem":2453,"children":2454},"Input Output (FIO)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F01.index",[2455,2456,2460,2464,2468,2472,2476,2480,2484,2488,2492,2496,2500,2504,2508,2512,2516,2520],{"title":2451,"path":2452,"stem":2453},{"title":2457,"path":2458,"stem":2459},"FIO00-J. Do not operate on files in shared directories","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F02.fio00-j",{"title":2461,"path":2462,"stem":2463},"FIO01-J. Create files with appropriate access permissions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F03.fio01-j",{"title":2465,"path":2466,"stem":2467},"FIO02-J. Detect and handle file-related errors","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F04.fio02-j",{"title":2469,"path":2470,"stem":2471},"FIO03-J. Remove temporary files before termination","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F05.fio03-j",{"title":2473,"path":2474,"stem":2475},"FIO04-J. Release resources when they are no longer needed","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F06.fio04-j",{"title":2477,"path":2478,"stem":2479},"FIO05-J. Do not expose buffers or their backing arrays methods to untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F07.fio05-j",{"title":2481,"path":2482,"stem":2483},"FIO06-J. Do not create multiple buffered wrappers on a single byte or character stream","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F08.fio06-j",{"title":2485,"path":2486,"stem":2487},"FIO07-J. Do not let external processes block on IO buffers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F09.fio07-j",{"title":2489,"path":2490,"stem":2491},"FIO08-J. Distinguish between characters or bytes read from a stream and -1","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F10.fio08-j",{"title":2493,"path":2494,"stem":2495},"FIO09-J. Do not rely on the write() method to output integers outside the range 0 to 255","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F11.fio09-j",{"title":2497,"path":2498,"stem":2499},"FIO10-J. Ensure the array is filled when using read() to fill an array","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F12.fio10-j",{"title":2501,"path":2502,"stem":2503},"FIO11-J. Do not convert between strings and bytes without specifying a valid character encoding","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F13.fio11-j",{"title":2505,"path":2506,"stem":2507},"FIO12-J. Provide methods to read and write little-endian data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio12-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F14.fio12-j",{"title":2509,"path":2510,"stem":2511},"FIO13-J. Do not log sensitive information outside a trust boundary","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio13-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F15.fio13-j",{"title":2513,"path":2514,"stem":2515},"FIO14-J. Perform proper cleanup at program termination","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio14-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F16.fio14-j",{"title":2517,"path":2518,"stem":2519},"FIO15-J. Do not reset a servlet's output stream after committing it","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio15-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F17.fio15-j",{"title":2521,"path":2522,"stem":2523},"FIO16-J. Canonicalize path names before validating them","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio16-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F18.fio16-j",{"title":2525,"path":2526,"stem":2527,"children":2528},"Input Validation and Data Sanitization (IDS)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F01.index",[2529,2530,2534,2538,2542,2546,2550,2554,2558,2562,2566,2570,2574],{"title":2525,"path":2526,"stem":2527},{"title":2531,"path":2532,"stem":2533},"IDS00-J. Prevent SQL injection","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F02.ids00-j",{"title":2535,"path":2536,"stem":2537},"IDS01-J. Normalize strings before validating them","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F03.ids01-j",{"title":2539,"path":2540,"stem":2541},"IDS03-J. Do not log unsanitized user input","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F04.ids03-j",{"title":2543,"path":2544,"stem":2545},"IDS04-J. Safely extract files from ZipInputStream","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F05.ids04-j",{"title":2547,"path":2548,"stem":2549},"IDS06-J. Exclude unsanitized user input from format strings","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F06.ids06-j",{"title":2551,"path":2552,"stem":2553},"IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F07.ids07-j",{"title":2555,"path":2556,"stem":2557},"IDS08-J. Sanitize untrusted data included in a regular expression","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F08.ids08-j",{"title":2559,"path":2560,"stem":2561},"IDS11-J. Perform any string modifications before validation","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F09.ids11-j",{"title":2563,"path":2564,"stem":2565},"IDS14-J. Do not trust the contents of hidden form fields","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids14-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F10.ids14-j",{"title":2567,"path":2568,"stem":2569},"IDS15-J. Do not allow sensitive information to leak outside a trust boundary","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids15-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F11.ids15-j",{"title":2571,"path":2572,"stem":2573},"IDS16-J. Prevent XML Injection","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids16-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F12.ids16-j",{"title":2575,"path":2576,"stem":2577},"IDS17-J. Prevent XML External Entity Attacks","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids17-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F13.ids17-j",{"title":2579,"path":2580,"stem":2581,"children":2582},"Java Native Interface (JNI)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fjava-native-interface-jni","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F09.java-native-interface-jni\u002F1.index",[2583,2584,2588,2592,2596,2600],{"title":2579,"path":2580,"stem":2581},{"title":2585,"path":2586,"stem":2587},"JNI00-J. Define wrappers around native methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fjava-native-interface-jni\u002Fjni00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F09.java-native-interface-jni\u002F2.jni00-j",{"title":2589,"path":2590,"stem":2591},"JNI01-J. Safely invoke standard APIs that perform tasks using the immediate caller's class loader instance (loadLibrary)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fjava-native-interface-jni\u002Fjni01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F09.java-native-interface-jni\u002F3.jni01-j",{"title":2593,"path":2594,"stem":2595},"JNI02-J. Do not assume object references are constant or unique","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fjava-native-interface-jni\u002Fjni02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F09.java-native-interface-jni\u002F4.jni02-j",{"title":2597,"path":2598,"stem":2599},"JNI03-J. Do not use direct pointers to Java objects in JNI code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fjava-native-interface-jni\u002Fjni03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F09.java-native-interface-jni\u002F5.jni03-j",{"title":2601,"path":2602,"stem":2603},"JNI04-J. Do not assume that Java strings are null-terminated","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fjava-native-interface-jni\u002Fjni04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F09.java-native-interface-jni\u002F6.jni04-j",{"title":2605,"path":2606,"stem":2607,"children":2608},"Locking (LCK)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F01.index",[2609,2610,2612,2616,2620,2624,2628,2632,2636,2640,2644,2648,2652],{"title":2605,"path":2606,"stem":2607},{"title":776,"path":775,"stem":2611},"6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F02.lck00-j",{"title":2613,"path":2614,"stem":2615},"LCK01-J. Do not synchronize on objects that may be reused","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F03.lck01-j",{"title":2617,"path":2618,"stem":2619},"LCK02-J. Do not synchronize on the class object returned by getClass()","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F04.lck02-j",{"title":2621,"path":2622,"stem":2623},"LCK03-J. Do not synchronize on the intrinsic locks of high-level concurrency objects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F05.lck03-j",{"title":2625,"path":2626,"stem":2627},"LCK04-J. Do not synchronize on a collection view if the backing collection is accessible","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F06.lck04-j",{"title":2629,"path":2630,"stem":2631},"LCK05-J. Synchronize access to static fields that can be modified by untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F07.lck05-j",{"title":2633,"path":2634,"stem":2635},"LCK06-J. Do not use an instance lock to protect shared static data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F08.lck06-j",{"title":2637,"path":2638,"stem":2639},"LCK07-J. Avoid deadlock by requesting and releasing locks in the same order","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F09.lck07-j",{"title":2641,"path":2642,"stem":2643},"LCK08-J. Ensure actively held locks are released on exceptional conditions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F10.lck08-j",{"title":2645,"path":2646,"stem":2647},"LCK09-J. Do not perform operations that can block while holding a lock","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F11.lck09-j",{"title":2649,"path":2650,"stem":2651},"LCK10-J. Use a correct form of the double-checked locking idiom","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F12.lck10-j",{"title":2653,"path":2654,"stem":2655},"LCK11-J. Avoid client-side locking when using classes that do not commit to their locking strategy","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F13.lck11-j",{"title":2657,"path":2658,"stem":2659,"children":2660},"Methods (MET)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F01.index",[2661,2662,2666,2670,2674,2678,2682,2686,2690,2694,2698,2702,2706,2710,2714],{"title":2657,"path":2658,"stem":2659},{"title":2663,"path":2664,"stem":2665},"MET00-J. Validate method arguments","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F02.met00-j",{"title":2667,"path":2668,"stem":2669},"MET01-J. Never use assertions to validate method arguments","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F03.met01-j",{"title":2671,"path":2672,"stem":2673},"MET02-J. Do not use deprecated or obsolete classes or methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F04.met02-j",{"title":2675,"path":2676,"stem":2677},"MET03-J. Methods that perform a security check must be declared private or final","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F05.met03-j",{"title":2679,"path":2680,"stem":2681},"MET04-J. Do not increase the accessibility of overridden or hidden methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F06.met04-j",{"title":2683,"path":2684,"stem":2685},"MET05-J. Ensure that constructors do not call overridable methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F07.met05-j",{"title":2687,"path":2688,"stem":2689},"MET06-J. Do not invoke overridable methods in clone()","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F08.met06-j",{"title":2691,"path":2692,"stem":2693},"MET07-J. Never declare a class method that hides a method declared in a superclass or superinterface","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F09.met07-j",{"title":2695,"path":2696,"stem":2697},"MET08-J. Preserve the equality contract when overriding the equals() method","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F10.met08-j",{"title":2699,"path":2700,"stem":2701},"MET09-J. Classes that define an equals() method must also define a hashCode() method","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F11.met09-j",{"title":2703,"path":2704,"stem":2705},"MET10-J. Follow the general contract when implementing the compareTo() method","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F12.met10-j",{"title":2707,"path":2708,"stem":2709},"MET11-J. Ensure that keys used in comparison operations are immutable","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F13.met11-j",{"title":2711,"path":2712,"stem":2713},"MET12-J. Do not use finalizers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet12-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F14.met12-j",{"title":2715,"path":2716,"stem":2717},"MET13-J. Do not assume that reassigning method arguments modifies the calling environment","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet13-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F15.met13-j",{"title":2719,"path":2720,"stem":2721,"children":2722},"Miscellaneous (MSC)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F01.index",[2723,2724,2728,2732,2736,2740,2744,2748,2752,2754,2758,2762,2763],{"title":2719,"path":2720,"stem":2721},{"title":2725,"path":2726,"stem":2727},"MSC00-J. Use SSLSocket rather than Socket for secure data exchange","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F02.msc00-j",{"title":2729,"path":2730,"stem":2731},"MSC01-J. Do not use an empty infinite loop","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F03.msc01-j",{"title":2733,"path":2734,"stem":2735},"MSC02-J. Generate strong random numbers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F04.msc02-j",{"title":2737,"path":2738,"stem":2739},"MSC03-J. Never hard code sensitive information","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F05.msc03-j",{"title":2741,"path":2742,"stem":2743},"MSC04-J. Do not leak memory","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F06.msc04-j",{"title":2745,"path":2746,"stem":2747},"MSC05-J. Do not exhaust heap space","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F07.msc05-j",{"title":2749,"path":2750,"stem":2751},"MSC06-J. Do not modify the underlying collection when an iteration is in progress","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F08.msc06-j",{"title":69,"path":68,"stem":2753},"6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F09.msc07-j",{"title":2755,"path":2756,"stem":2757},"MSC08-J. Do not store nonserializable objects as attributes in an HTTP session","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F10.msc08-j",{"title":2759,"path":2760,"stem":2761},"MSC09-J. For OAuth, ensure (a) [relying party receiving user's ID in last step] is same as (b) [relying party the access token was granted to].","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F11.msc09-j",{"title":2160,"path":2115,"stem":2161},{"title":30,"path":2154,"stem":2156},{"title":2163,"path":2164,"stem":2165,"children":2765},[2766,2767,2771,2775,2779,2783,2787,2791,2795,2799,2803,2807,2811,2815],{"title":2163,"path":2164,"stem":2165},{"title":2768,"path":2769,"stem":2770},"NUM00-J. Detect or prevent integer overflow","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F02.num00-j",{"title":2772,"path":2773,"stem":2774},"NUM01-J. Do not perform bitwise and arithmetic operations on the same data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F03.num01-j",{"title":2776,"path":2777,"stem":2778},"NUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F04.num02-j",{"title":2780,"path":2781,"stem":2782},"NUM03-J. Use integer types that can fully represent the possible range of unsigned data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F05.num03-j",{"title":2784,"path":2785,"stem":2786},"NUM04-J. Do not use floating-point numbers if precise computation is required","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F06.num04-j",{"title":2788,"path":2789,"stem":2790},"NUM07-J. Do not attempt comparisons with NaN","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F07.num07-j",{"title":2792,"path":2793,"stem":2794},"NUM08-J. Check floating-point inputs for exceptional values","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F08.num08-j",{"title":2796,"path":2797,"stem":2798},"NUM09-J. Do not use floating-point variables as loop counters","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F09.num09-j",{"title":2800,"path":2801,"stem":2802},"NUM10-J. Do not construct BigDecimal objects from floating-point literals","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F10.num10-j",{"title":2804,"path":2805,"stem":2806},"NUM11-J. Do not compare or inspect the string representation of floating-point values","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F11.num11-j",{"title":2808,"path":2809,"stem":2810},"NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum12-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F12.num12-j",{"title":2812,"path":2813,"stem":2814},"NUM13-J. Avoid loss of precision when converting primitive integers to floating-point","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum13-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F13.num13-j",{"title":2816,"path":2817,"stem":2818},"NUM14-J. Use shift operators correctly","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum14-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F14.num14-j",{"title":2820,"path":2821,"stem":2822,"children":2823},"Object Orientation (OBJ)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F01.index",[2824,2825,2829,2833,2837,2841,2845,2849,2853,2857,2861,2865,2869,2873,2877],{"title":2820,"path":2821,"stem":2822},{"title":2826,"path":2827,"stem":2828},"OBJ01-J. Limit accessibility of fields","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F02.obj01-j",{"title":2830,"path":2831,"stem":2832},"OBJ02-J. Preserve dependencies in subclasses when changing superclasses","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F03.obj02-j",{"title":2834,"path":2835,"stem":2836},"OBJ03-J. Prevent heap pollution","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F04.obj03-j",{"title":2838,"path":2839,"stem":2840},"OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F05.obj04-j",{"title":2842,"path":2843,"stem":2844},"OBJ05-J. Do not return references to private mutable class members","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F06.obj05-j",{"title":2846,"path":2847,"stem":2848},"OBJ06-J. Defensively copy mutable inputs and mutable internal components","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F07.obj06-j",{"title":2850,"path":2851,"stem":2852},"OBJ07-J. Sensitive classes must not let themselves be copied","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F08.obj07-j",{"title":2854,"path":2855,"stem":2856},"OBJ08-J. Do not expose private members of an outer class from within a nested class","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F09.obj08-j",{"title":2858,"path":2859,"stem":2860},"OBJ09-J. Compare classes and not class names","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F10.obj09-j",{"title":2862,"path":2863,"stem":2864},"OBJ10-J. Do not use public static nonfinal fields","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F11.obj10-j",{"title":2866,"path":2867,"stem":2868},"OBJ11-J. Be wary of letting constructors throw exceptions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F12.obj11-j",{"title":2870,"path":2871,"stem":2872},"OBJ12-J. Respect object-based annotations","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj12-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F13.obj12-j",{"title":2874,"path":2875,"stem":2876},"OBJ13-J. Ensure that references to mutable objects are not exposed","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj13-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F14.obj13-j",{"title":2878,"path":2879,"stem":2880},"OBJ14-J. Do not use an object that has been freed.","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj14-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F15.obj14-j",{"title":2882,"path":2883,"stem":2884,"children":2885},"Platform Security (SEC)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F01.index",[2886,2887,2891,2895,2899,2903,2907,2911,2915,2919,2923,2927],{"title":2882,"path":2883,"stem":2884},{"title":2888,"path":2889,"stem":2890},"SEC00-J. Do not allow privileged blocks to leak sensitive information across a trust boundary","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F02.sec00-j",{"title":2892,"path":2893,"stem":2894},"SEC01-J. Do not allow tainted variables in privileged blocks","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F03.sec01-j",{"title":2896,"path":2897,"stem":2898},"SEC02-J. Do not base security checks on untrusted sources","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F04.sec02-j",{"title":2900,"path":2901,"stem":2902},"SEC03-J. Do not load trusted classes after allowing untrusted code to load arbitrary classes","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F05.sec03-j",{"title":2904,"path":2905,"stem":2906},"SEC04-J. Protect sensitive operations with security manager checks","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F06.sec04-j",{"title":2908,"path":2909,"stem":2910},"SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F07.sec05-j",{"title":2912,"path":2913,"stem":2914},"SEC06-J. Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F08.sec06-j",{"title":2916,"path":2917,"stem":2918},"SEC07-J. Call the superclass's getPermissions() method when writing a custom class loader","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F09.sec07-j",{"title":2920,"path":2921,"stem":2922},"SEC08-J Trusted code must discard or clean any arguments provided by untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F10.sec08-j",{"title":2924,"path":2925,"stem":2926},"SEC09-J Never leak the results of certain standard API methods from trusted code to untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F11.sec09-j",{"title":2928,"path":2929,"stem":2930},"SEC10-J Never permit untrusted code to invoke any API that may (possibly transitively) invoke the reflection APIs","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F12.sec10-j",{"title":2932,"path":2933,"stem":2934,"children":2935},"Runtime Environment (ENV)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F1.index",[2936,2937,2941,2945,2949,2959,2963,2967],{"title":2932,"path":2933,"stem":2934},{"title":2938,"path":2939,"stem":2940},"ENV00-J. Do not sign code that performs only unprivileged operations","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F2.env00-j",{"title":2942,"path":2943,"stem":2944},"ENV01-J. Place all security-sensitive code in a single JAR and sign and seal it","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F3.env01-j",{"title":2946,"path":2947,"stem":2948},"ENV02-J. Do not trust the values of environment variables","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F4.env02-j",{"title":2950,"path":2951,"stem":2952,"children":2953},"ENV03-J. Do not grant dangerous combinations of permissions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F5.env03-j\u002F1.index",[2954,2955],{"title":2950,"path":2951,"stem":2952},{"title":2956,"path":2957,"stem":2958},"DUMMY ENV03-J","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv03-j\u002Fdummy-env03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F5.env03-j\u002F2.dummy-env03-j",{"title":2960,"path":2961,"stem":2962},"ENV04-J. Do not disable bytecode verification","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F6.env04-j",{"title":2964,"path":2965,"stem":2966},"ENV05-J. Do not deploy an application that can be remotely monitored","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F7.env05-j",{"title":2968,"path":2969,"stem":2970},"ENV06-J. Production code must not contain debugging entry points","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F8.env06-j",{"title":2972,"path":2973,"stem":2974,"children":2975},"Serialization (SER)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F01.index",[2976,2977,2981,2985,2989,2993,2997,3001,3005,3009,3013,3017,3021,3025],{"title":2972,"path":2973,"stem":2974},{"title":2978,"path":2979,"stem":2980},"SER00-J. Enable serialization compatibility during class evolution","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F02.ser00-j",{"title":2982,"path":2983,"stem":2984},"SER01-J. Do not deviate from the proper signatures of serialization methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F03.ser01-j",{"title":2986,"path":2987,"stem":2988},"SER02-J. Sign then seal objects before sending them outside a trust boundary","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F04.ser02-j",{"title":2990,"path":2991,"stem":2992},"SER03-J. Do not serialize unencrypted sensitive data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F05.ser03-j",{"title":2994,"path":2995,"stem":2996},"SER04-J. Do not allow serialization and deserialization to bypass the security manager","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F06.ser04-j",{"title":2998,"path":2999,"stem":3000},"SER05-J. Do not serialize instances of inner classes","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F07.ser05-j",{"title":3002,"path":3003,"stem":3004},"SER06-J. Make defensive copies of private mutable components during deserialization","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F08.ser06-j",{"title":3006,"path":3007,"stem":3008},"SER07-J. Do not use the default serialized form for classes with implementation-defined invariants","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F09.ser07-j",{"title":3010,"path":3011,"stem":3012},"SER08-J. Minimize privileges before deserializing from a privileged context","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F10.ser08-j",{"title":3014,"path":3015,"stem":3016},"SER09-J. Do not invoke overridable methods from the readObject() method","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F11.ser09-j",{"title":3018,"path":3019,"stem":3020},"SER10-J. Avoid memory and resource leaks during serialization","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F12.ser10-j",{"title":3022,"path":3023,"stem":3024},"SER11-J. Prevent overwriting of externalizable objects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F13.ser11-j",{"title":3026,"path":3027,"stem":3028},"SER12-J. Prevent deserialization of untrusted data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser12-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F14.ser12-j",{"title":3030,"path":3031,"stem":3032,"children":3033},"Thread APIs (THI)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F18.thread-apis-thi\u002F1.index",[3034,3035,3039,3043,3047,3051,3055],{"title":3030,"path":3031,"stem":3032},{"title":3036,"path":3037,"stem":3038},"THI00-J. Do not invoke Thread.run()","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi\u002Fthi00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F18.thread-apis-thi\u002F2.thi00-j",{"title":3040,"path":3041,"stem":3042},"THI01-J. Do not invoke ThreadGroup methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi\u002Fthi01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F18.thread-apis-thi\u002F3.thi01-j",{"title":3044,"path":3045,"stem":3046},"THI02-J. Notify all waiting threads rather than a single thread","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi\u002Fthi02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F18.thread-apis-thi\u002F4.thi02-j",{"title":3048,"path":3049,"stem":3050},"THI03-J. Always invoke wait() and await() methods inside a loop","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi\u002Fthi03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F18.thread-apis-thi\u002F5.thi03-j",{"title":3052,"path":3053,"stem":3054},"THI04-J. Ensure that threads performing blocking operations can be terminated","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi\u002Fthi04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F18.thread-apis-thi\u002F6.thi04-j",{"title":3056,"path":3057,"stem":3058},"THI05-J. Do not use Thread.stop() to terminate threads","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi\u002Fthi05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F18.thread-apis-thi\u002F7.thi05-j",{"title":3060,"path":3061,"stem":3062,"children":3063},"Thread Pools (TPS)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F19.thread-pools-tps\u002F1.index",[3064,3065,3069,3073,3077,3081],{"title":3060,"path":3061,"stem":3062},{"title":3066,"path":3067,"stem":3068},"TPS00-J. Use thread pools to enable graceful degradation of service during traffic bursts","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps\u002Ftps00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F19.thread-pools-tps\u002F2.tps00-j",{"title":3070,"path":3071,"stem":3072},"TPS01-J. Do not execute interdependent tasks in a bounded thread pool","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps\u002Ftps01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F19.thread-pools-tps\u002F3.tps01-j",{"title":3074,"path":3075,"stem":3076},"TPS02-J. Ensure that tasks submitted to a thread pool are interruptible","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps\u002Ftps02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F19.thread-pools-tps\u002F4.tps02-j",{"title":3078,"path":3079,"stem":3080},"TPS03-J. Ensure that tasks executing in a thread pool do not fail silently","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps\u002Ftps03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F19.thread-pools-tps\u002F5.tps03-j",{"title":3082,"path":3083,"stem":3084},"TPS04-J. Ensure ThreadLocal variables are reinitialized when using thread pools","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps\u002Ftps04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F19.thread-pools-tps\u002F6.tps04-j",{"title":3086,"path":3087,"stem":3088,"children":3089},"Thread-Safety Miscellaneous (TSM)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-safety-miscellaneous-tsm","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F20.thread-safety-miscellaneous-tsm\u002F1.index",[3090,3091,3095,3099,3103],{"title":3086,"path":3087,"stem":3088},{"title":3092,"path":3093,"stem":3094},"TSM00-J. Do not override thread-safe methods with methods that are not thread-safe","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-safety-miscellaneous-tsm\u002Ftsm00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F20.thread-safety-miscellaneous-tsm\u002F2.tsm00-j",{"title":3096,"path":3097,"stem":3098},"TSM01-J. Do not let the this reference escape during object construction","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-safety-miscellaneous-tsm\u002Ftsm01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F20.thread-safety-miscellaneous-tsm\u002F3.tsm01-j",{"title":3100,"path":3101,"stem":3102},"TSM02-J. Do not use background threads during class initialization","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-safety-miscellaneous-tsm\u002Ftsm02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F20.thread-safety-miscellaneous-tsm\u002F4.tsm02-j",{"title":3104,"path":3105,"stem":3106},"TSM03-J. Do not publish partially initialized objects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-safety-miscellaneous-tsm\u002Ftsm03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F20.thread-safety-miscellaneous-tsm\u002F5.tsm03-j",{"title":3108,"path":3109,"stem":3110,"children":3111},"Visibility and Atomicity (VNA)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fvisibility-and-atomicity-vna","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F21.visibility-and-atomicity-vna\u002F1.index",[3112,3113,3117,3119,3123,3127,3131],{"title":3108,"path":3109,"stem":3110},{"title":3114,"path":3115,"stem":3116},"VNA00-J. Ensure visibility when accessing shared primitive variables","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fvisibility-and-atomicity-vna\u002Fvna00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F21.visibility-and-atomicity-vna\u002F2.vna00-j",{"title":699,"path":698,"stem":3118},"6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F21.visibility-and-atomicity-vna\u002F3.vna01-j",{"title":3120,"path":3121,"stem":3122},"VNA02-J. Ensure that compound operations on shared variables are atomic","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fvisibility-and-atomicity-vna\u002Fvna02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F21.visibility-and-atomicity-vna\u002F4.vna02-j",{"title":3124,"path":3125,"stem":3126},"VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fvisibility-and-atomicity-vna\u002Fvna03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F21.visibility-and-atomicity-vna\u002F5.vna03-j",{"title":3128,"path":3129,"stem":3130},"VNA04-J. Ensure that calls to chained methods are atomic","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fvisibility-and-atomicity-vna\u002Fvna04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F21.visibility-and-atomicity-vna\u002F6.vna04-j",{"title":3132,"path":3133,"stem":3134},"VNA05-J. Ensure atomicity when reading and writing 64-bit values","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fvisibility-and-atomicity-vna\u002Fvna05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F21.visibility-and-atomicity-vna\u002F7.vna05-j",{"title":3136,"path":3137,"stem":3138,"children":3139},"Recommendations","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F01.index",[3140,3141,3154,3172,3225,3250,3279,3300,3333,3366,3427,3452,3493],{"title":3136,"path":3137,"stem":3138},{"title":2323,"path":3142,"stem":3143,"children":3144},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fcharacters-and-strings-str","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F02.characters-and-strings-str\u002F1.index",[3145,3146,3150],{"title":2323,"path":3142,"stem":3143},{"title":3147,"path":3148,"stem":3149},"STR50-J. Use the appropriate method for counting characters in a string","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F02.characters-and-strings-str\u002F2.str50-j",{"title":3151,"path":3152,"stem":3153},"STR51-J. Use the charset encoder and decoder classes when more control over the encoding process is required","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F02.characters-and-strings-str\u002F3.str51-j",{"title":3155,"path":3156,"stem":3157,"children":3158},"Concurrency (CON)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fconcurrency-con","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F03.concurrency-con\u002F1.index",[3159,3160,3164,3168],{"title":3155,"path":3156,"stem":3157},{"title":3161,"path":3162,"stem":3163},"CON50-J. Do not assume that declaring a reference volatile guarantees safe publication of the members of the referenced object","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fconcurrency-con\u002Fcon50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F03.concurrency-con\u002F2.con50-j",{"title":3165,"path":3166,"stem":3167},"CON51-J. Do not assume that the sleep(), yield(), or getState() methods provide synchronization semantics","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fconcurrency-con\u002Fcon51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F03.concurrency-con\u002F3.con51-j",{"title":3169,"path":3170,"stem":3171},"CON52-J. Document thread-safety and use annotations where applicable","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fconcurrency-con\u002Fcon52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F03.concurrency-con\u002F4.con52-j",{"title":2349,"path":3173,"stem":3174,"children":3175},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F01.index",[3176,3177,3181,3185,3189,3193,3197,3201,3205,3209,3213,3217,3221],{"title":2349,"path":3173,"stem":3174},{"title":3178,"path":3179,"stem":3180},"DCL50-J. Use visually distinct identifiers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F02.dcl50-j",{"title":3182,"path":3183,"stem":3184},"DCL51-J. Do not shadow or obscure identifiers in subscopes","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F03.dcl51-j",{"title":3186,"path":3187,"stem":3188},"DCL52-J. Do not declare more than one variable per declaration","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F04.dcl52-j",{"title":3190,"path":3191,"stem":3192},"DCL53-J. Minimize the scope of variables","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F05.dcl53-j",{"title":3194,"path":3195,"stem":3196},"DCL54-J. Use meaningful symbolic constants to represent literal values in program logic","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F06.dcl54-j",{"title":3198,"path":3199,"stem":3200},"DCL55-J. Properly encode relationships in constant definitions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl55-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F07.dcl55-j",{"title":3202,"path":3203,"stem":3204},"DCL56-J. Do not attach significance to the ordinal associated with an enum","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl56-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F08.dcl56-j",{"title":3206,"path":3207,"stem":3208},"DCL57-J. Avoid ambiguous overloading of variable arity methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl57-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F09.dcl57-j",{"title":3210,"path":3211,"stem":3212},"DCL58-J. Enable compile-time type checking of variable arity parameter types","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl58-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F10.dcl58-j",{"title":3214,"path":3215,"stem":3216},"DCL59-J. Do not apply public final to constants whose value might change in later releases","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl59-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F11.dcl59-j",{"title":3218,"path":3219,"stem":3220},"DCL60-J. Avoid cyclic dependencies between packages","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl60-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F12.dcl60-j",{"title":3222,"path":3223,"stem":3224},"DCL61-J. Do not use raw types","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl61-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F13.dcl61-j",{"title":2367,"path":3226,"stem":3227,"children":3228},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexceptional-behavior-err","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F05.exceptional-behavior-err\u002F1.index",[3229,3230,3234,3238,3242,3246],{"title":2367,"path":3226,"stem":3227},{"title":3231,"path":3232,"stem":3233},"ERR50-J. Use exceptions only for exceptional conditions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexceptional-behavior-err\u002Ferr50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F05.exceptional-behavior-err\u002F2.err50-j",{"title":3235,"path":3236,"stem":3237},"ERR51-J. Prefer user-defined exceptions over more general exception types","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexceptional-behavior-err\u002Ferr51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F05.exceptional-behavior-err\u002F3.err51-j",{"title":3239,"path":3240,"stem":3241},"ERR52-J. Avoid in-band error indicators","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexceptional-behavior-err\u002Ferr52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F05.exceptional-behavior-err\u002F4.err52-j",{"title":3243,"path":3244,"stem":3245},"ERR53-J. Try to gracefully recover from system errors","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexceptional-behavior-err\u002Ferr53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F05.exceptional-behavior-err\u002F5.err53-j",{"title":3247,"path":3248,"stem":3249},"ERR54-J. Use a try-with-resources statement to safely handle closeable resources","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexceptional-behavior-err\u002Ferr54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F05.exceptional-behavior-err\u002F6.err54-j",{"title":2413,"path":3251,"stem":3252,"children":3253},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexpressions-exp","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F06.expressions-exp\u002F1.index",[3254,3255,3259,3263,3267,3271,3275],{"title":2413,"path":3251,"stem":3252},{"title":3256,"path":3257,"stem":3258},"EXP50-J. Do not confuse abstract object equality with reference equality","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexpressions-exp\u002Fexp50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F06.expressions-exp\u002F2.exp50-j",{"title":3260,"path":3261,"stem":3262},"EXP51-J. Do not perform assignments in conditional expressions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexpressions-exp\u002Fexp51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F06.expressions-exp\u002F3.exp51-j",{"title":3264,"path":3265,"stem":3266},"EXP52-J. Use braces for the body of an if, for, or while statement","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexpressions-exp\u002Fexp52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F06.expressions-exp\u002F4.exp52-j",{"title":3268,"path":3269,"stem":3270},"EXP53-J. Use parentheses for precedence of operation","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexpressions-exp\u002Fexp53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F06.expressions-exp\u002F5.exp53-j",{"title":3272,"path":3273,"stem":3274},"EXP54-J. Understand the differences between bitwise and logical operators","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexpressions-exp\u002Fexp54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F06.expressions-exp\u002F6.exp54-j",{"title":3276,"path":3277,"stem":3278},"EXP55-J. Use the same type for the second and third operands in conditional expressions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexpressions-exp\u002Fexp55-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F06.expressions-exp\u002F7.exp55-j",{"title":2451,"path":3280,"stem":3281,"children":3282},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-output-fio","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F07.input-output-fio\u002F1.index",[3283,3284,3288,3292,3296],{"title":2451,"path":3280,"stem":3281},{"title":3285,"path":3286,"stem":3287},"FIO50-J. Do not make assumptions about file creation","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-output-fio\u002Ffio50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F07.input-output-fio\u002F2.fio50-j",{"title":3289,"path":3290,"stem":3291},"FIO51-J. Identify files using multiple file attributes","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-output-fio\u002Ffio51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F07.input-output-fio\u002F3.fio51-j",{"title":3293,"path":3294,"stem":3295},"FIO52-J. Do not store unencrypted sensitive information on the client side","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-output-fio\u002Ffio52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F07.input-output-fio\u002F4.fio52-j",{"title":3297,"path":3298,"stem":3299},"FIO53-J. Use the serialization methods writeUnshared() and readUnshared() with care","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-output-fio\u002Ffio53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F07.input-output-fio\u002F5.fio53-j",{"title":2525,"path":3301,"stem":3302,"children":3303},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F1.index",[3304,3305,3309,3313,3317,3321,3325,3329],{"title":2525,"path":3301,"stem":3302},{"title":3306,"path":3307,"stem":3308},"IDS50-J. Use conservative file naming conventions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F2.ids50-j",{"title":3310,"path":3311,"stem":3312},"IDS51-J. Properly encode or escape output","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F3.ids51-j",{"title":3314,"path":3315,"stem":3316},"IDS52-J. Prevent code injection","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F4.ids52-j",{"title":3318,"path":3319,"stem":3320},"IDS53-J. Prevent XPath Injection","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F5.ids53-j",{"title":3322,"path":3323,"stem":3324},"IDS54-J. Prevent LDAP injection","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F6.ids54-j",{"title":3326,"path":3327,"stem":3328},"IDS55-J. Understand how escape characters are interpreted when strings are loaded","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids55-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F7.ids55-j",{"title":3330,"path":3331,"stem":3332},"IDS56-J. Prevent arbitrary file upload","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids56-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F8.ids56-j",{"title":2657,"path":3334,"stem":3335,"children":3336},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F1.index",[3337,3338,3342,3346,3350,3354,3358,3362],{"title":2657,"path":3334,"stem":3335},{"title":3339,"path":3340,"stem":3341},"MET50-J. Avoid ambiguous or confusing uses of overloading","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met\u002Fmet50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F2.met50-j",{"title":3343,"path":3344,"stem":3345},"MET51-J. Do not use overloaded methods to differentiate between runtime types","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met\u002Fmet51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F3.met51-j",{"title":3347,"path":3348,"stem":3349},"MET52-J. Do not use the clone() method to copy untrusted method parameters","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met\u002Fmet52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F4.met52-j",{"title":3351,"path":3352,"stem":3353},"MET53-J. Ensure that the clone() method calls super.clone()","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met\u002Fmet53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F5.met53-j",{"title":3355,"path":3356,"stem":3357},"MET54-J. Always provide feedback about the resulting value of a method","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met\u002Fmet54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F6.met54-j",{"title":3359,"path":3360,"stem":3361},"MET55-J. Return an empty array or collection instead of a null value for methods that return an array or collection","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met\u002Fmet55-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F7.met55-j",{"title":3363,"path":3364,"stem":3365},"MET56-J. Do not use Object.equals() to compare cryptographic keys","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met\u002Fmet56-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F8.met56-j",{"title":2719,"path":3367,"stem":3368,"children":3369},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F01.index",[3370,3371,3375,3379,3383,3387,3391,3395,3399,3403,3407,3411,3415,3419,3423],{"title":2719,"path":3367,"stem":3368},{"title":3372,"path":3373,"stem":3374},"MSC50-J. Minimize the scope of the @SuppressWarnings annotation","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F02.msc50-j",{"title":3376,"path":3377,"stem":3378},"MSC51-J. Do not place a semicolon immediately following an if, for, or while condition","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F03.msc51-j",{"title":3380,"path":3381,"stem":3382},"MSC52-J. Finish every set of statements associated with a case label with a break statement","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F04.msc52-j",{"title":3384,"path":3385,"stem":3386},"MSC53-J. Carefully design interfaces before releasing them","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F05.msc53-j",{"title":3388,"path":3389,"stem":3390},"MSC54-J. Avoid inadvertent wrapping of loop counters","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F06.msc54-j",{"title":3392,"path":3393,"stem":3394},"MSC55-J. Use comments consistently and in a readable fashion","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc55-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F07.msc55-j",{"title":3396,"path":3397,"stem":3398},"MSC56-J. Detect and remove superfluous code and values","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc56-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F08.msc56-j",{"title":3400,"path":3401,"stem":3402},"MSC57-J. Strive for logical completeness","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc57-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F09.msc57-j",{"title":3404,"path":3405,"stem":3406},"MSC58-J. Prefer using iterators over enumerations","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc58-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F10.msc58-j",{"title":3408,"path":3409,"stem":3410},"MSC59-J. Limit the lifetime of sensitive data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc59-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F11.msc59-j",{"title":3412,"path":3413,"stem":3414},"MSC60-J. Do not use assertions to verify the absence of runtime errors","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc60-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F12.msc60-j",{"title":3416,"path":3417,"stem":3418},"MSC61-J. Do not use insecure or weak cryptographic algorithms","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc61-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F13.msc61-j",{"title":3420,"path":3421,"stem":3422},"MSC62-J. Store passwords using a hash function","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc62-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F14.msc62-j",{"title":3424,"path":3425,"stem":3426},"MSC63-J. Ensure that SecureRandom is properly seeded","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc63-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F15.msc63-j",{"title":2163,"path":3428,"stem":3429,"children":3430},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fnumeric-types-and-operations-num","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F11.numeric-types-and-operations-num\u002F1.index",[3431,3432,3436,3440,3444,3448],{"title":2163,"path":3428,"stem":3429},{"title":3433,"path":3434,"stem":3435},"NUM50-J. Convert integers to floating point for floating-point operations","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fnumeric-types-and-operations-num\u002Fnum50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F11.numeric-types-and-operations-num\u002F2.num50-j",{"title":3437,"path":3438,"stem":3439},"NUM51-J. Do not assume that the remainder operator always returns a nonnegative result for integral operands","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fnumeric-types-and-operations-num\u002Fnum51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F11.numeric-types-and-operations-num\u002F3.num51-j",{"title":3441,"path":3442,"stem":3443},"NUM52-J. Be aware of numeric promotion behavior","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fnumeric-types-and-operations-num\u002Fnum52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F11.numeric-types-and-operations-num\u002F4.num52-j",{"title":3445,"path":3446,"stem":3447},"NUM53-J. Use the strictfp modifier for floating-point calculation consistency across platforms","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fnumeric-types-and-operations-num\u002Fnum53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F11.numeric-types-and-operations-num\u002F5.num53-j",{"title":3449,"path":3450,"stem":3451},"NUM54-J. Do not use denormalized numbers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fnumeric-types-and-operations-num\u002Fnum54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F11.numeric-types-and-operations-num\u002F6.num54-j",{"title":2820,"path":3453,"stem":3454,"children":3455},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F01.index",[3456,3457,3461,3465,3469,3473,3477,3481,3485,3489],{"title":2820,"path":3453,"stem":3454},{"title":3458,"path":3459,"stem":3460},"OBJ50-J. Never confuse the immutability of a reference with that of the referenced object","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F02.obj50-j",{"title":3462,"path":3463,"stem":3464},"OBJ51-J. Minimize the accessibility of classes and their members","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F03.obj51-j",{"title":3466,"path":3467,"stem":3468},"OBJ52-J. Write garbage-collection-friendly code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F04.obj52-j",{"title":3470,"path":3471,"stem":3472},"OBJ53-J. Do not use direct buffers for short-lived, infrequently used objects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F05.obj53-j",{"title":3474,"path":3475,"stem":3476},"OBJ54-J. Do not attempt to help the garbage collector by setting local reference variables to null","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F06.obj54-j",{"title":3478,"path":3479,"stem":3480},"OBJ55-J. Remove short-lived objects from long-lived container objects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj55-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F07.obj55-j",{"title":3482,"path":3483,"stem":3484},"OBJ56-J. Provide sensitive mutable classes with unmodifiable wrappers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj56-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F08.obj56-j",{"title":3486,"path":3487,"stem":3488},"OBJ57-J. Do not rely on methods that can be overridden by untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj57-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F09.obj57-j",{"title":3490,"path":3491,"stem":3492},"OBJ58-J. Limit the extensibility of classes and methods with invariants","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj58-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F10.obj58-j",{"title":2882,"path":3494,"stem":3495,"children":3496},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F01.index",[3497,3498,3502,3506,3510,3514,3518,3522,3526,3530],{"title":2882,"path":3494,"stem":3495},{"title":3499,"path":3500,"stem":3501},"SEC50-J. Avoid granting excess privileges","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F02.sec50-j",{"title":3503,"path":3504,"stem":3505},"SEC51-J. Minimize privileged code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F03.sec51-j",{"title":3507,"path":3508,"stem":3509},"SEC52-J. Do not expose methods that use reduced-security checks to untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F04.sec52-j",{"title":3511,"path":3512,"stem":3513},"SEC53-J. Define custom security permissions for fine-grained security","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F05.sec53-j",{"title":3515,"path":3516,"stem":3517},"SEC54-J. Create a secure sandbox using a security manager","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F06.sec54-j",{"title":3519,"path":3520,"stem":3521},"SEC55-J. Ensure that security-sensitive methods are called with validated arguments","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec55-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F07.sec55-j",{"title":3523,"path":3524,"stem":3525},"SEC56-J. Do not serialize direct handles to system resources","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec56-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F08.sec56-j",{"title":3527,"path":3528,"stem":3529},"SEC57-J. Do not let untrusted code misuse privileges of callback methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec57-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F09.sec57-j",{"title":3531,"path":3532,"stem":3533},"SEC58-J. Deserialization methods should not perform potentially dangerous operations","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec58-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F10.sec58-j",{"title":3535,"path":3536,"stem":3537,"children":3538},"Back Matter","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F1.index",[3539,3540,3544,3548,3551,3554,3674,3699],{"title":3535,"path":3536,"stem":3537},{"title":3541,"path":3542,"stem":3543},"Rec. AA. References","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frec-aa-references","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F2.rec-aa-references",{"title":3545,"path":3546,"stem":3547},"Rec. BB. Definitions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frec-bb-definitions","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F3.rec-bb-definitions",{"title":3549,"path":2100,"stem":3550},"Rule AA. References","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F4.rule-aa-references",{"title":3552,"path":76,"stem":3553},"Rule BB. Glossary","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F5.rule-bb-glossary",{"title":3555,"path":3556,"stem":3557,"children":3558},"Rule or Rec. CC. Analyzers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F01.index",[3559,3560,3564,3568,3572,3576,3580,3584,3588,3592,3595,3599,3602,3606,3610,3614,3618,3622,3626,3630,3634,3638,3640,3644,3646,3650,3654,3658,3662,3666,3670],{"title":3555,"path":3556,"stem":3557},{"title":3561,"path":3562,"stem":3563},"CodeSonar","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fcodesonar","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F02.codesonar",{"title":3565,"path":3566,"stem":3567},"CodeSonar_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fcodesonar_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F03.codesonar_v",{"title":3569,"path":3570,"stem":3571},"Coverity","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fcoverity","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F04.coverity",{"title":3573,"path":3574,"stem":3575},"Coverity_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fcoverity_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F05.coverity_v",{"title":3577,"path":3578,"stem":3579},"Eclipse","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Feclipse","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F06.eclipse",{"title":3581,"path":3582,"stem":3583},"Eclipse_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Feclipse_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F07.eclipse_v",{"title":3585,"path":3586,"stem":3587},"Error Prone","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Ferror-prone","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F08.error-prone",{"title":3589,"path":3590,"stem":3591},"Error Prone_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Ferror-prone_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F09.error-prone_v",{"title":1914,"path":3593,"stem":3594},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Ffindbugs","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F10.findbugs",{"title":3596,"path":3597,"stem":3598},"Findbugs_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Ffindbugs_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F11.findbugs_v",{"title":1947,"path":3600,"stem":3601},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Ffortify","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F12.fortify",{"title":3603,"path":3604,"stem":3605},"Fortify_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Ffortify_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F13.fortify_v",{"title":3607,"path":3608,"stem":3609},"Klocwork","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fklocwork","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F14.klocwork",{"title":3611,"path":3612,"stem":3613},"Klocwork_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fklocwork_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F15.klocwork_v",{"title":3615,"path":3616,"stem":3617},"Parasoft","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fparasoft","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F16.parasoft",{"title":3619,"path":3620,"stem":3621},"Parasoft_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fparasoft_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F17.parasoft_v",{"title":3623,"path":3624,"stem":3625},"Pmd","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fpmd","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F18.pmd",{"title":3627,"path":3628,"stem":3629},"Pmd_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fpmd_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F19.pmd_v",{"title":3631,"path":3632,"stem":3633},"PVS-Studio","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fpvs-studio","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F20.pvs-studio",{"title":3635,"path":3636,"stem":3637},"PVS-Studio_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fpvs-studio_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F21.pvs-studio_v",{"title":1969,"path":1968,"stem":3639},"6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F22.security-reviewer-static-reviewer",{"title":3641,"path":3642,"stem":3643},"Security Reviewer - Static Reviewer_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fsecurity-reviewer-static-reviewer_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F23.security-reviewer-static-reviewer_v",{"title":1996,"path":1995,"stem":3645},"6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F24.sonarqube",{"title":3647,"path":3648,"stem":3649},"SonarQube_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fsonarqube_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F25.sonarqube_v",{"title":3651,"path":3652,"stem":3653},"SpotBugs","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fspotbugs","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F26.spotbugs",{"title":3655,"path":3656,"stem":3657},"SpotBugs_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fspotbugs_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F27.spotbugs_v",{"title":3659,"path":3660,"stem":3661},"The Checker Framework","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fthe-checker-framework","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F28.the-checker-framework",{"title":3663,"path":3664,"stem":3665},"The Checker Framework_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fthe-checker-framework_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F29.the-checker-framework_v",{"title":3667,"path":3668,"stem":3669},"ThreadSafe","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fthreadsafe","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F30.threadsafe",{"title":3671,"path":3672,"stem":3673},"ThreadSafe_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fthreadsafe_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F31.threadsafe_v",{"title":3675,"path":3676,"stem":3677,"children":3678},"Rule or Rec. DD. Related Guidelines","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-dd-related-guidelines","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F7.rule-or-rec-dd-related-guidelines\u002F1.index",[3679,3680,3684,3688,3692,3695],{"title":3675,"path":3676,"stem":3677},{"title":3681,"path":3682,"stem":3683},"2010","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-dd-related-guidelines\u002F2.2010","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F7.rule-or-rec-dd-related-guidelines\u002F2.2010",{"title":3685,"path":3686,"stem":3687},"2013","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-dd-related-guidelines\u002F3.2013","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F7.rule-or-rec-dd-related-guidelines\u002F3.2013",{"title":3689,"path":3690,"stem":3691},"MITRE CAPEC","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-dd-related-guidelines\u002Fmitre-capec","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F7.rule-or-rec-dd-related-guidelines\u002F4.mitre-capec",{"title":2039,"path":3693,"stem":3694},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-dd-related-guidelines\u002Fmitre-cwe","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F7.rule-or-rec-dd-related-guidelines\u002F5.mitre-cwe",{"title":3696,"path":3697,"stem":3698},"SECURE CODING GUIDELINES FOR JAVA SE, VERSION 5.0","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-dd-related-guidelines\u002Fsecure-coding-guidelines-for-java-se-version-50","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F7.rule-or-rec-dd-related-guidelines\u002F6.secure-coding-guidelines-for-java-se-version-50",{"title":3700,"path":3701,"stem":3702},"Rule or Rec. EE. Risk Assessments","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-ee-risk-assessments","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F8.rule-or-rec-ee-risk-assessments",{"title":3704,"path":3705,"stem":3706,"children":3707},"Admin","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fadmin","6.sei-cert-oracle-coding-standard-for-java\u002F6.admin\u002F1.index",[3708,3709,3713,3717,3721,3725],{"title":3704,"path":3705,"stem":3706},{"title":3710,"path":3711,"stem":3712},"All Guidelines with Classification","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fadmin\u002Fall-guidelines-with-classification","6.sei-cert-oracle-coding-standard-for-java\u002F6.admin\u002F2.all-guidelines-with-classification",{"title":3714,"path":3715,"stem":3716},"Normative Guidelines","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fadmin\u002Fnormative-guidelines","6.sei-cert-oracle-coding-standard-for-java\u002F6.admin\u002F3.normative-guidelines",{"title":3718,"path":3719,"stem":3720},"Tech-edit","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fadmin\u002Ftech-edit","6.sei-cert-oracle-coding-standard-for-java\u002F6.admin\u002F4.tech-edit",{"title":3722,"path":3723,"stem":3724},"TODO List","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fadmin\u002Ftodo-list","6.sei-cert-oracle-coding-standard-for-java\u002F6.admin\u002F5.todo-list",{"title":3722,"path":3723,"stem":3726},"6.sei-cert-oracle-coding-standard-for-java\u002F6.admin\u002F6.todo-list",1775657814535]