DATASHEET

CERT JAVA Rule Enforcement

(website 28 April 2020) 
https://wiki.sei.cmu.edu/confluence/display/java/SEI+CERT+Oracle+Coding+Standard+for+Java

Android Rules are not included.

ENFORCEMENT FOR KW 2023.3

  

Total

a

Total Number of Rules

183

b

Total Number of ‘Not Statically Enforceable’ Rules (Assisted/Unassisted)

0

c

Total Number of Enforceable Rules (a-b)

183

d

Total Number of Enforced Rules

7

e

Total Number of Unenforced Rules

176

f

Enforce Rules Percentage (d/c)

4%

g

Unenforced Rules Percentage (e/c)

96%

Rule ID

Description

Enforced

Rule 00.

Input Validation and Data Sanitization (IDS)

 

IDS00-J

Prevent SQL injection.

Yes

IDS01-J

Normalize strings before validating them.

Yes

IDS02-J

Canonicalize path names before validating them.

No

IDS03-J

Do not log unsanitized user input.

No

IDS04-J

Safely extract files from ZipInputStream.

No

IDS05-J

Use a safe subset of ASCII for file and path names.

No

IDS06-J

Exclude unsanitized user input from format strings.

No

IDS07-J

Sanitize untrusted data passed to the Runtime.exec() method.

Yes

IDS08-J

Sanitize untrusted data included in a regular expression.

No

IDS09-J

Specify an appropriate locale when comparing locale-dependent data.

No

IDS10-J

Don't form strings containing partial characters.

No

IDS11-J

Perform any string modifications before validation.

No

IDS13-J

Use compatible character encodings on both sides of file or network IO.

No

IDS14-J

Do not trust the contents of hidden form fields.

No

IDS15-J

Do not allow sensitive information to leak outside a trust boundary.

No

IDS16-J

Prevent XML Injection.

No

IDS17-J

Prevent XML External Entity Attacks.

No

Rule 01.

Declarations and Initialization (DCL)

 

DCL00-J

Prevent class initialization cycles.

No

DCL01-J

Do not reuse public identifiers from the Java Standard Library.

No

DCL02-J

Do not modify the collection's elements during an enhanced for statement.

No

Rule 02.

Expressions (EXP)

 

EXP00-J

Do not ignore values returned by methods.

No

EXP01-J

Do not use a null in a case where an object is required.

No

EXP02-J

Do not use the Object.equals() method to compare two arrays.

No

EXP03-J

Do not use the equality operators when comparing values of boxed primitives.

No

EXP04-J

Do not pass arguments to certain Java Collections Framework methods that are a different type than the collection parameter type.

No

EXP05-J

Do not follow a write by a subsequent write or read of the same object within an expression.

No

EXP06-J

Expressions used in assertions must not produce side effects.

No

EXP07-J

Prevent loss of useful data due to weak references.

No

Rule 03.

Numeric Types and Operations (NUM)

 

NUM00-J

Detect or prevent integer overflow.

No

NUM01-J

Do not perform bitwise and arithmetic operations on the same data.

No

NUM02-J

Ensure that division and remainder operations do not result in divide-by-zero errors.

No

NUM03-J

Use integer types that can fully represent the possible range of unsigned data.

No

NUM04-J

Do not use floating-point numbers if precise computation is required.

No

NUM07-J

Do not attempt comparisons with NaN.

No

NUM08-J

Check floating-point inputs for exceptional values.

No

NUM09-J

Do not use floating-point variables as loop counters.

No

NUM10-J

Do not construct BigDecimal objects from floating-point literals.

No

NUM11-J

Do not compare or inspect the string representation of floating-point values.

No

NUM12-J

Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data.

No

NUM13-J

Avoid loss of precision when converting primitive integers to floating-point.

No

NUM14-J

Use shift operators correctly.

No

Rule 04.

Characters and Strings (STR)

 

STR00-J

Don't form strings containing partial characters from variable-width encodings.

No

STR01-J

Do not assume that a Java char fully represents a Unicode code point.

No

STR02-J

Specify an appropriate locale when comparing locale-dependent data.

No

STR03-J

Do not encode noncharacter data as a string.

No

STR04-J

Use compatible character encodings when communicating string data between JVMs.

No

Rule 05.

Object Orientation (OBJ)

 

OBJ01-J

Limit accessibility of fields.

No

OBJ02-J

Preserve dependencies in subclasses when changing superclasses.

No

OBJ03-J

Prevent heap pollution.

No

OBJ04-J

Provide mutable classes with copy functionality to safely allow passing instances to untrusted code.

No

OBJ05-J

Do not return references to private mutable class members.

No

OBJ06-J

Defensively copy mutable inputs and mutable internal components.

No

OBJ07-J

Sensitive classes must not let themselves be copied.

No

OBJ08-J

Do not expose private members of an outer class from within a nested class.

No

OBJ09-J

Compare classes and not class names.

No

OBJ10-J

Do not use public static nonfinal fields.

No

OBJ11-J

Be wary of letting constructors throw exceptions.

No

OBJ12-J

Respect object-based annotations.

No

OBJ13-J

Ensure that references to mutable objects are not exposed.

No

OBJ14-J

Do not use an object that has been freed.

No

Rule 06.

Methods (MET)

 

MET00-J

Validate method arguments.

No

MET01-J

Never use assertions to validate method arguments.

No

MET02-J

Do not use deprecated or obsolete classes or methods.

No

MET03-J

Methods that perform a security check must be declared private or final.

No

MET04-J

Do not increase the accessibility of overridden or hidden methods.

No

MET05-J

Ensure that constructors do not call overridable methods.

No

MET06-J

Do not invoke overridable methods in clone().

No

MET07-J

Never declare a class method that hides a method declared in a superclass or superinterface.

No

MET08-J

Preserve the equality contract when overriding the equals() method.

No

MET09-J

Classes that define an equals() method must also define a hashCode() method.

No

MET10-J

Follow the general contract when implementing the compareTo() method.

No

MET11-J

Ensure that keys used in comparison operations are immutable.

No

MET12-J

Do not use finalizers.

No

MET13-J

Do not assume that reassigning method arguments modifies the calling environment.

No

Rule 07.

Exceptional Behavior (ERR)

 

ERR00-J

Do not suppress or ignore checked exceptions.

No

ERR01-J

Do not allow exceptions to expose sensitive information.

No

ERR02-J

Prevent exceptions while logging data.

No

ERR03-J

Restore prior object state on method failure.

No

ERR04-J

Do not complete abruptly from a finally block.

No

ERR05-J

Do not let checked exceptions escape from a finally block.

No

ERR06-J

Do not throw undeclared checked exceptions.

No

ERR07-J

Do not throw RuntimeException, Exception, or Throwable.

No

ERR08-J

Do not catch NullPointerException or any of its ancestors.

Yes

ERR09-J

Do not allow untrusted code to terminate the JVM.

No

Rule 08.

Visibility and Atomicity (VNA)

 

VNA00-J

Ensure visibility when accessing shared primitive variables.

No

VNA01-J

Ensure visibility of shared references to immutable objects.

No

VNA02-J

Ensure that compound operations on shared variables are atomic.

No

VNA03-J

Do not assume that a group of calls to independently atomic methods is atomic.

No

VNA04-J

Ensure that calls to chained methods are atomic.

No

VNA05-J

Ensure atomicity when reading and writing 64-bit values.

No

Rule 09.

Locking (LCK)

 

LCK00-J

Use private final lock objects to synchronize classes that may interact with untrusted code.

No

LCK01-J

Do not synchronize on objects that may be reused.

No

LCK02-J

Do not synchronize on the class object returned by getClass().

No

LCK03-J

Do not synchronize on the intrinsic locks of high-level concurrency objects.

No

LCK04-J

Do not synchronize on a collection view if the backing collection is accessible.

No

LCK05-J

Synchronize access to static fields that can be modified by untrusted code.

No

LCK06-J

Do not use an instance lock to protect shared static data.

No

LCK07-J

Avoid deadlock by requesting and releasing locks in the same order.

No

LCK08-J

Ensure actively held locks are released on exceptional conditions.

No

LCK09-J

Do not perform operations that can block while holding a lock.

No

LCK10-J

Use a correct form of the double-checked locking idiom.

No

LCK11-J

Avoid client-side locking when using classes that do not commit to their locking strategy.

No

Rule 10.

Thread APIs (THI)

 

THI00-J

Do not invoke Thread.run().

No

THI01-J

Do not invoke ThreadGroup methods.

No

THI02-J

Notify all waiting threads rather than a single thread.

No

THI03-J

Always invoke wait() and await() methods inside a loop.

No

THI04-J

Ensure that threads performing blocking operations can be terminated.

No

THI05-J

Do not use Thread.stop() to terminate threads.

No

Rule 11.

Thread Pools (TPS)

 

TPS00-J

Use thread pools to enable graceful degradation of service during traffic bursts.

No

TPS01-J

Do not execute interdependent tasks in a bounded thread pool.

No

TPS02-J

Ensure that tasks submitted to a thread pool are interruptible.

No

TPS03-J

Ensure that tasks executing in a thread pool do not fail silently.

No

TPS04-J

Ensure ThreadLocal variables are reinitialized when using thread pools.

No

Rule 12.

Thread-Safety Miscellaneous (TSM)

 

TSM00-J

Do not override thread-safe methods with methods that are not thread-safe.

No

TSM01-J

Do not let the this reference escape during object construction.

No

TSM02-J

Do not use background threads during class initialization.

No

TSM03-J

Do not publish partially initialized objects.

No

Rule 13.

Input Output (FIO)

 

FIO00-J

Do not operate on files in shared directories.

No

FIO01-J

Create files with appropriate access permissions.

No

FIO02-J

Detect and handle file-related errors.

No

FIO03-J

Remove temporary files before termination.

No

FIO04-J

Release resources when they are no longer needed.

No

FIO05-J

Do not expose buffers or their backing arrays methods to untrusted code.

No

FIO06-J

Do not create multiple buffered wrappers on a single byte or character stream.

No

FIO07-J

Do not let external processes block on IO buffers.

No

FIO08-J

Distinguish between characters or bytes read from a stream and -1.

No

FIO09-J

Do not rely on the write() method to output integers outside the range 0 to 255.

No

FIO10-J

Ensure the array is filled when using read() to fill an array.

No

FIO11-J

Do not convert between strings and bytes without specifying a valid character encoding.

No

FIO12-J

Provide methods to read and write little-endian data.

No

FIO13-J

Do not log sensitive information outside a trust boundary.

No

FIO14-J

Perform proper cleanup at program termination.

No

FIO15-J

Do not reset a servlet's output stream after committing it.

No

FIO16-J

Canonicalize path names before validating them.

No

Rule 14.

Serialization (SER)

 

SER00-J

Enable serialization compatibility during class evolution.

No

SER01-J

Do not deviate from the proper signatures of serialization methods.

Yes

SER02-J

Sign then seal objects before sending them outside a trust boundary.

No

SER03-J

Do not serialize unencrypted sensitive data.

No

SER04-J

Do not allow serialization and deserialization to bypass the security manager.

No

SER05-J

Do not serialize instances of inner classes.

No

SER06-J

Make defensive copies of private mutable components during deserialization.

No

SER07-J

Do not use the default serialized form for classes with implementation-defined invariants.

No

SER08-J

Minimize privileges before deserializing from a privileged context.

No

SER09-J

Do not invoke overridable methods from the readObject() method.

No

SER10-J

Avoid memory and resource leaks during serialization.

No

SER11-J

Prevent overwriting of externalizable objects.

No

SER12-J

Prevent deserialization of untrusted data.

No

SER13-J

Deserialization methods should not perform potentially dangerous operations.

No

Rule 15.

Platform Security (SEC)

 

SEC00-J

Do not allow privileged blocks to leak sensitive information across a trust boundary.

No

SEC01-J

Do not allow tainted variables in privileged blocks.

No

SEC02-J

Do not base security checks on untrusted sources.

No

SEC03-J

Do not load trusted classes after allowing untrusted code to load arbitrary classes.

No

SEC04-J

Protect sensitive operations with security manager checks.

No

SEC05-J

Do not use reflection to increase accessibility of classes, methods, or fields.

No

SEC06-J

Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar.

No

SEC07-J

Call the superclass's getPermissions() method when writing a custom class loader.

No

SEC08-J

Trusted code must discard or clean any arguments provided by untrusted code.

No

SEC09-J

Never leak the results of certain standard API methods from trusted code to untrusted code.

No

SEC10-J

Never permit untrusted code to invoke any API that may (possibly transitively) invoke the reflection APIs.

No

Rule 16.

Runtime Environment (ENV)

 

ENV00-J

Do not sign code that performs only unprivileged operations.

No

ENV01-J

Place all security-sensitive code in a single JAR and sign and seal it.

No

ENV02-J

Do not trust the values of environment variables.

No

ENV03-J

Do not grant dangerous combinations of permissions.

No

ENV04-J

Do not disable bytecode verification.

No

ENV05-J

Do not deploy an application that can be remotely monitored.

No

ENV06-J

Production code must not contain debugging entry points.

No

Rule 17.

Java Native Interface (JNI)

 

JNI00-J

Define wrappers around native methods.

No

JNI01-J

Safely invoke standard APIs that perform tasks using the immediate caller's class loader instance (loadLibrary).

No

JNI02-J

Do not assume object references are constant or unique.

No

JNI03-J

Do not use direct pointers to Java objects in JNI code.

No

JNI04-J

Do not assume that Java strings are null-terminated.

No

Rule 49.

Miscellaneous (MSC)

 

MSC00-J

Use SSLSocket rather than Socket for secure data exchange.

No

MSC01-J

Do not use an empty infinite loop.

No

MSC02-J

Generate strong random numbers.

Yes

MSC03-J

Never hard code sensitive information.

Yes

MSC04-J

Do not leak memory.

No

MSC05-J

Do not exhaust heap space.

No

MSC06-J

Do not modify the underlying collection when an iteration is in progress.

No

MSC07-J

Prevent multiple instantiations of singleton objects.

No

MSC08-J

Do not store nonserializable objects as attributes in an HTTP session.

No

MSC09-J

For OAuth, ensure (a) [relying party receiving user's ID in last step] is same as (b) [relying party the access token was granted to].

No

MSC10-J

Do not use OAuth 2.0 implicit grant (unmodified) for authentication.

No

MSC11-J

Do not let session information leak within a servlet.

No