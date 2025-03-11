|Section
|
Rules
Supported All
|% Coverage
|
All
|
118
|
121
|
97.5
|
PRE
|
3
|
3
|
100.0
|
DCL
|
8
|
8
|
100.0
|
EXP
|
15
|
15
|
100.0
|
INT
|
7
|
7
|
100.0
|
FLP
|
5
|
5
|
100.0
|
ARR
|
6
|
6
|
100.0
|
STR
|
6
|
6
|
100.0
|
MEM
|
6
|
6
|
100.0
|
FIO
|
13
|
13
|
100.0
|
ENV
|
5
|
5
|
100.0
|
SIG
|
4
|
4
|
100.0
|
ERR
|
4
|
4
|
100.0
|
CON
|
13
|
13
|
100.0
|
MSC
|
8
|
8
|
100.0
|
POS
|
14
|
17
|
82.4
|
WIN
|
1
|
1
|
100.0
|Rule
|Description
|
Do not create a universal character name through concatenation.
|
Avoid side effects in arguments to unsafe macros.
|
Do not use preprocessor directives in invocations of function-like macros.
|
Declare objects with appropriate storage durations.
|
Declare identifiers before using them.
|
Do not declare an identifier with conflicting linkage classifications.
|
Do not declare or define a reserved identifier.
|
Use the correct syntax when declaring a flexible array member.
|
Avoid information leakage when passing a structure across a trust boundary.
|
Do not create incompatible declarations of the same function or object.
|
Do not declare variables inside a switch statement before the first case label.
|
Do not depend on order of evaluation for side effects.
|
Do not access a volatile object through a nonvolatile reference.
|
Do not read uninitialized memory.
|
Do not dereference null pointers.
|
Do not modify objects with temporary lifetime.
|
Do not cast pointers into more strictly aligned pointer types.
|
Call functions with the correct number and type of arguments.
|
Do not access a variable through a pointer of an incompatible type.
|
Do not modify constant objects.
|
Do not compare padding data.
|
Avoid undefined behavior when using restrict-qualified pointers.
|
Do not rely on side effects in operands to sizeof, _Alignof, or _Generic.
|
Do not perform assignments in selection statements.
|
Do not use a bitwise operator with a Boolean-like operand.
|
Do not call va_arg with an argument of the incorrect type.
|
Ensure that unsigned integer operations do not wrap.
|
Ensure that integer conversions do not result in lost or misinterpreted data.
|
Ensure that operations on signed integers do not result in overflow.
|
Ensure that division and remainder operations do not result in divide-by-zero errors.
|
Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand.
|
Use correct integer precisions.
|
Converting a pointer to integer or integer to pointer.
|
Do not use floating-point variables as loop counters.
|
Prevent or detect domain and range errors in math functions.
|
Ensure that floating-point conversions are within range of the new type.
|
Preserve precision when converting integral values to floating-point type.
|
Do not use object representations to compare floating-point values.
|
Do not form or use out of bounds pointers or array subscripts.
|
Ensure size arguments for variable length arrays are in a valid range.
|
Do not subtract or compare two pointers that do not refer to the same array.
|
Do not add or subtract an integer to a pointer to a non-array object.
|
Guarantee that library functions do not form invalid pointers.
|
Do not add or subtract a scaled integer to a pointer.
|
Do not attempt to modify string literals.
|
Guarantee that storage for strings has sufficient space for character data and the null terminator.
|
Do not pass a non-null-terminated character sequence to a library function that expects a string.
|
Cast characters to unsigned char before converting to larger integer sizes.
|
Arguments to character-handling functions must be representable as an unsigned char.
|
Do not confuse narrow and wide character strings and functions.
|
Do not access freed memory.
|
Free dynamically allocated memory when no longer needed.
|
Allocate and copy structures containing a flexible array member dynamically.
|
Only free memory allocated dynamically.
|
Allocate sufficient memory for an object.
|
Do not modify the alignment of objects by calling realloc().
|
Exclude user input from format strings.
|
Do not perform operations on devices that are only appropriate for files.
|
Distinguish between characters read from a file and EOF or WEOF.
|
Do not assume that fgets() or fgetws() returns a nonempty string when successful.
|
Do not copy a FILE object.
|
Do not alternately input and output from a stream without an intervening flush or positioning call.
|
Reset strings on fgets() or fgetws() failure.
|
Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects.
|
Close files when they are no longer needed.
|
Only use values for fsetpos() that are returned from fgetpos().
|
Avoid TOCTOU race conditions while accessing files.
|
Do not access a closed file.
|
Use valid format strings.
|
Do not modify the object referenced by the return value of certain functions.
|
Do not rely on an environment pointer following an operation that may invalidate it.
|
All exit handlers must return normally.
|
Do not call system().
|
Do not store pointers returned by certain functions.
|
Call only asynchronous-safe functions within signal handlers.
|
Do not access shared objects in signal handlers.
|
Do not call signal() from within interruptible signal handlers.
|
Do not return from a computational exception signal handler.
|
Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure.
|
Do not rely on indeterminate values of errno.
|
Detect and handle standard library errors.
|
Detect errors when converting a string to a number.
|
Clean up thread-specific storage.
|
Do not destroy a mutex while it is locked.
|
Prevent data races when accessing bit-fields from multiple threads.
|
Avoid race conditions when using library functions.
|
Declare objects shared between threads with appropriate storage durations.
|
Avoid deadlock by locking in predefined order.
|
Wrap functions that can spuriously wake up in a loop.
|
Do not call signal() in a multithreaded program.
|
Preserve thread safety and liveness when using condition variables.
|
Do not join or detach a thread that was previously joined or detached.
|
Do not refer to an atomic variable twice in an expression.
|
Wrap functions that can fail spuriously in a loop.
|
Do not allow data races in multithreaded code.
|
Do not use the rand() function for generating pseudorandom numbers.
|
Properly seed pseudorandom number generators.
|
Do not pass invalid data to the asctime() function.
|
Ensure that control never reaches the end of a non-void function.
|
Do not treat a predefined identifier as an object if it might only be implemented as a macro.
|
Do not call va_arg() on a va_list that has an indeterminate value.
|
Do not violate constraints.
|
Never hard code sensitive information.
|
Use the readlink() function properly.
|
Do not use vfork().
|
Do not call putenv() with a pointer to an automatic variable as the argument.
|
Avoid race conditions while checking for the existence of a symbolic link.
|
Observe correct revocation order while relinquishing privileges.
|
Ensure that privilege relinquishment is successful.
|
Beware of race conditions when using fork and file descriptors.
|
Use the correct byte ordering when transferring data between systems.
|
Do not use signals to terminate threads.
|
Do not use threads that can be canceled asynchronously.
|
When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed.
|
Declare objects shared between POSIX threads with appropriate storage durations.
|
Do not perform operations that can block while holding a POSIX lock.
|
Detect and handle POSIX library errors.
|
Properly pair allocation and deallocation functions.
|Section
|
Rules
Supported All
|% Coverage
|
All
|
83
|
83
|
100.0
|
DCL
|
11
|
11
|
100.0
|
EXP
|
14
|
14
|
100.0
|
INT
|
1
|
1
|
100.0
|
CTR
|
9
|
9
|
100.0
|
STR
|
4
|
4
|
100.0
|
MEM
|
8
|
8
|
100.0
|
FIO
|
2
|
2
|
100.0
|
ERR
|
13
|
13
|
100.0
|
OOP
|
9
|
9
|
100.0
|
CON
|
7
|
7
|
100.0
|
MSC
|
5
|
5
|
100.0
|Rule
|Description
|
Do not define a C-style variadic function.
|
Do not declare or define a reserved identifier.
|
Never qualify a reference type with const or volatile.
|
Do not write syntactically ambiguous declarations.
|
Overload allocation and deallocation functions as a pair in the same scope.
|
Avoid information leakage when passing a class object across a trust boundary.
|
Avoid cycles during initialization of static objects.
|
Do not let exceptions escape from destructors or deallocation functions.
|
Do not modify the standard namespaces.
|
Do not define an unnamed namespace in a header file.
|
Obey the one-definition rule.
|
Do not depend on the order of evaluation for side effects.
|
Do not delete an array through a pointer of the incorrect type.
|
Do not rely on side effects in unevaluated operands.
|
Do not read uninitialized memory.
|
Do not access an object outside of its lifetime.
|
Do not access a cv-qualified object through a cv-unqualified type.
|
Do not call a function with a mismatched language linkage.
|
Do not cast or delete pointers to incomplete classes.
|
Pass an object of the correct type to va_start.
|
Use offsetof() on valid types and members.
|
Do not pass a nonstandard-layout type object across execution boundaries.
|
A lambda object must not outlive any of its reference captured objects.
|
Do not access the bits of an object representation that are not part of the object's value representation.
|
Do not rely on the value of a moved-from object.
|
Do not cast to an out-of-range enumeration value.
|
Guarantee that container indices and iterators are within the valid range.
|
Use valid references, pointers, and iterators to reference elements of a container.
|
Guarantee that library functions do not overflow.
|
Use valid iterator ranges.
|
Do not subtract iterators that do not refer to the same container.
|
Do not use an additive operator on an iterator if the result would overflow.
|
Do not use pointer arithmetic on polymorphic objects.
|
Provide a valid ordering predicate.
|
Predicate function objects should not be mutable.
|
Guarantee that storage for strings has sufficient space for character data and the null terminator.
|
Do not attempt to create a std::string from a null pointer.
|
Use valid references, pointers, and iterators to reference elements of a basic_string.
|
Range check element access.
|
Do not access freed memory.
|
Properly deallocate dynamically allocated resources.
|
Detect and handle memory allocation errors.
|
Explicitly construct and destruct objects when manually managing object lifetime.
|
Provide placement new with properly aligned pointers to sufficient storage capacity.
|
Honor replacement dynamic storage management requirements.
|
Do not store an already-owned pointer value in an unrelated smart pointer.
|
Avoid using default operator new for over-aligned types.
|
Do not alternately input and output from a file stream without an intervening positioning call.
|
Close files when they are no longer needed.
|
Do not abruptly terminate the program.
|
Handle all exceptions.
|
Do not use setjmp() or longjmp().
|
Do not reference base classes or class data members in a constructor or destructor function-try-block handler.
|
Catch handlers should order their parameter types from most derived to least derived.
|
Honor exception specifications.
|
Guarantee exception safety.
|
Do not leak resources when handling exceptions.
|
Handle all exceptions thrown before main() begins executing.
|
Do not throw an exception across execution boundaries.
|
Exception objects must be nothrow copy constructible.
|
Catch exceptions by lvalue reference.
|
Detect errors when converting a string to a number.
|
Do not invoke virtual functions from constructors or destructors.
|
Do not slice derived objects.
|
Do not delete a polymorphic object without a virtual destructor.
|
Write constructor member initializers in the canonical order.
|
Gracefully handle self-copy assignment.
|
Do not use pointer-to-member operators to access nonexistent members.
|
Honor replacement handler requirements.
|
Prefer special member functions and overloaded operators to C Standard Library functions.
|
Copy operations must not mutate the source object.
|
Do not destroy a mutex while it is locked.
|
Ensure actively held locks are released on exceptional conditions.
|
Prevent data races when accessing fields from multiple threads.
|
Avoid deadlocks by locking in a predefined order.
|
Wrap functions that can spuriously wake up in a loop.
|
Preserve thread safety and liveness when using condition variables.
|
Do not speculatively lock a non-recursive mutex that is already owned by the calling thread.
|
Do not use std::rand() for generating pseudorandom numbers.
|
Ensure your random number generator is properly seeded.
|
Value-returning functions must return a value from all exit paths.
|
Do not return from a function declared [[noreturn]].
|
A signal handler must be a plain old function.
|Section
|
Recommendations
Supported All
|% Coverage
|
All
|
103
|
191
|
53.9
|
PRE
|
7
|
14
|
50.0
|
DCL
|
14
|
23
|
60.9
|
EXP
|
11
|
16
|
68.8
|
INT
|
12
|
16
|
75.0
|
FLP
|
4
|
8
|
50.0
|
ARR
|
3
|
3
|
100.0
|
STR
|
6
|
12
|
50.0
|
MEM
|
10
|
17
|
58.8
|
FIO
|
7
|
20
|
35.0
|
ENV
|
1
|
3
|
33.3
|
SIG
|
2
|
3
|
66.7
|
ERR
|
2
|
8
|
25.0
|
API
|
4
|
9
|
44.4
|
CON
|
2
|
8
|
25.0
|
MSC
|
12
|
22
|
54.5
|
POS
|
3
|
4
|
75.0
|
WIN
|
3
|
5
|
60.0
|Rule
|Description
|
Prefer inline or static functions to function-like macros.
|
Enclose header files in an include guard.
|
Avoid using repeated question marks.
|
Do not replace secure functions with deprecated or obsolescent functions.
|
Wrap multistatement macros in a do-while loop.
|
Do not conclude macro definitions with a semicolon.
|
Do not define unsafe macros.
|
Do not reuse variable names in subscopes.
|
Use visually distinct identifiers.
|
Use meaningful symbolic constants to represent literal values.
|
Include the appropriate type information in function declarators.
|
Maintain the contract between the writer and caller of variadic functions.
|
Understand the type issues associated with variadic functions.
|
Implement abstract data types using opaque types.
|
Declare function parameters that are pointers to values not changed by the function as const.
|
Declare file-scope objects or functions that do not need external linkage as static.
|
Use "L," not "l," to indicate a long value.
|
Do not begin integer constants with 0 when specifying a decimal value.
|
Minimize the scope of variables and functions.
|
Use volatile for data that cannot be cached.
|
Guarantee that mutually visible identifiers are unique.
|
Use parentheses for precedence of operation.
|
Do not cast away a const qualification.
|
Ensure pointer arithmetic is used correctly.
|
Use sizeof to determine the size of a type or variable.
|
Do not depend on the order of evaluation of subexpressions or the order in which side effects take place.
|
Do not ignore values returned by functions.
|
Treat relational and equality operators as if they were nonassociative.
|
Do not place a semicolon on the same line as an if, for, or while statement.
|
Do not compare function pointers to constant values.
|
Use braces for the body of an if, for, or while statement.
|
Perform explicit tests to determine success, true and false, and equality.
|
Understand the data model used by your implementation(s).
|
Understand integer conversion rules.
|
Enforce limits on integer values originating from tainted sources.
|
Use only explicitly signed or unsigned char type for numeric values.
|
Verify that all integer values are in range.
|
Ensure enumeration constants map to unique values.
|
Do not assume a positive remainder when using the % operator.
|
Do not make assumptions about the type of a plain int bit-field when used in an expression.
|
Use bitwise operators only on unsigned operands.
|
Avoid performing bitwise and arithmetic operations on the same data.
|
Define integer constants in an implementation-independent manner.
|
Evaluate integer expressions in a larger size before comparing or assigning to that size.
|
Understand the limitations of floating-point numbers.
|
Avoid using floating-point numbers when precise computation is needed.
|
Detect and handle floating-point errors.
|
Convert integers to floating point for floating-point operations.
|
Understand how arrays work.
|
Do not apply the sizeof operator to a pointer when taking the size of an array.
|
Explicitly specify array bounds, even if implicitly defined by an initializer.
|
Represent characters using an appropriate type.
|
Sanitize data passed to complex subsystems.
|
Do not inadvertently truncate a string.
|
Do not assume that strtok() leaves the parse string unchanged.
|
Use the bounds-checking interfaces for string manipulation.
|
Do not specify the bound of a character array initialized with a string literal.
|
Allocate and free memory in the same module, at the same level of abstraction.
|
Store a new value in pointers immediately after free().
|
Immediately cast the result of a memory allocation function call into a pointer to the allocated type.
|
Clear sensitive information stored in reusable resources.
|
Beware of zero-length allocations.
|
Avoid large stack allocations.
|
Ensure that sensitive data is not written out to disk.
|
Ensure that the arguments to calloc(), when multiplied, do not wrap.
|
Do not assume infinite heap space.
|
Consider using a goto chain when leaving a function on error when using and releasing resources.
|
Be careful using functions that use file names for identification.
|
Canonicalize path names originating from tainted sources.
|
Create files with appropriate access permissions.
|
Take care when specifying the mode parameter of fopen().
|
Avoid unintentional truncation when using fgets() or fgetws().
|
Do not create temporary files in shared directories.
|
Do not open a file that is already open.
|
Do not make assumptions about the size of an environment variable.
|
Mask signals handled by noninterruptible signal handlers.
|
Avoid using signals to implement normal functionality.
|
Adopt and implement a consistent and comprehensive error-handling policy.
|
Prefer functions that support error checking over equivalent functions that don't.
|
Functions that read or write to or from an array should take an argument to specify the source or target size.
|
Provide a consistent and usable error-checking mechanism.
|
Use conformant array parameters.
|
Compatible values should have the same type.
|
Acquire and release synchronization primitives in the same module, at the same level of abstraction.
|
Do not perform operations that can block while holding a lock.
|
Compile cleanly at high warning levels.
|
Strive for logical completeness.
|
Use comments consistently and in a readable fashion.
|
Detect and remove code that has no effect or is never executed.
|
Detect and remove unused values.
|
Do not depend on undefined behavior.
|
Finish every set of statements associated with a case label with a break statement.
|
Be careful while handling sensitive data, such as passwords, in program code.
|
Do not use a switch statement to transfer control into a complex block.
|
Use robust loop termination conditions.
|
Use the setjmp(), longjmp() facility securely.
|
Do not use deprecated or obsolescent functions.
|
Check for the existence of links when dealing with files.
|
Follow the principle of least privilege.
|
Limit access to files by creating a jail.
|
Be specific when dynamically loading libraries.
|
Do not forcibly terminate execution.
|
Restrict privileges when spawning child processes.
|Section
|
Rules
Supported All
|% Coverage
|
All
|
153
|
200
|
76.5
|
IDS
|
11
|
11
|
100.0
|
DCL
|
3
|
3
|
100.0
|
EXP
|
6
|
7
|
85.7
|
NUM
|
13
|
13
|
100.0
|
STR
|
5
|
5
|
100.0
|
OBJ
|
10
|
13
|
76.9
|
MET
|
12
|
14
|
85.7
|
ERR
|
10
|
10
|
100.0
|
VNA
|
6
|
6
|
100.0
|
LCK
|
12
|
12
|
100.0
|
THI
|
6
|
6
|
100.0
|
TPS
|
5
|
5
|
100.0
|
TSM
|
4
|
4
|
100.0
|
FIO
|
16
|
16
|
100.0
|
SER
|
12
|
13
|
92.3
|
SEC
|
8
|
8
|
100.0
|
ENV
|
3
|
7
|
42.9
|
JNI
|
2
|
5
|
40.0
|
MSC
|
9
|
12
|
75.0
|
DRD
|
0
|
30
|
0.0
|Rule
|Description
|
Prevent SQL injection.
|
Normalize strings before validating them.
|
Do not log unsanitized user input.
|
Safely extract files from ZipInputStream.
|
Exclude unsanitized user input from format strings.
|
Sanitize untrusted data passed to the Runtime.exec() method.
|
Sanitize untrusted data included in a regular expression.
|
Perform any string modifications before validation.
|
Do not trust the contents of hidden form fields.
|
Prevent XML Injection.
|
Prevent XML External Entity Attacks.
|
Prevent class initialization cycles.
|
Do not reuse public identifiers from the Java Standard Library.
|
Do not modify the collection's elements during an enhanced for statement.
|
Do not ignore values returned by methods.
|
Do not use a null in a case where an object is required.
|
Do not use the Object.equals() method to compare two arrays.
|
Do not use the equality operators when comparing values of boxed primitives.
|
Do not follow a write by a subsequent write or read of the same object within an expression.
|
Expressions used in assertions must not produce side effects.
|
Detect or prevent integer overflow.
|
Do not perform bitwise and arithmetic operations on the same data.
|
Ensure that division and remainder operations do not result in divide-by-zero errors.
|
Use integer types that can fully represent the possible range of unsigned data.
|
Do not use floating-point numbers if precise computation is required.
|
Do not attempt comparisons with NaN.
|
Check floating-point inputs for exceptional values.
|
Do not use floating-point variables as loop counters.
|
Do not construct BigDecimal objects from floating-point literals.
|
Do not compare or inspect the string representation of floating-point values.
|
Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data.
|
Avoid loss of precision when converting primitive integers to floating-point.
|
Use shift operators correctly.
|
Don't form strings containing partial characters from variable-width encodings.
|
Do not assume that a Java char fully represents a Unicode code point.
|
Specify an appropriate locale when comparing locale-dependent data.
|
Do not encode noncharacter data as a string.
|
Use compatible character encodings when communicating string data between JVMs.
|
Limit accessibility of fields.
|
Provide mutable classes with copy functionality to safely allow passing instances to untrusted code.
|
Do not return references to private mutable class members.
|
Defensively copy mutable inputs and mutable internal components.
|
Sensitive classes must not let themselves be copied.
|
Do not expose private members of an outer class from within a nested class.
|
Compare classes and not class names.
|
Do not use public static nonfinal fields.
|
Be wary of letting constructors throw exceptions.
|
Ensure that references to mutable objects are not exposed.
|
Validate method arguments.
|
Never use assertions to validate method arguments.
|
Do not use deprecated or obsolete classes or methods.
|
Methods that perform a security check must be declared private or final.
|
Do not increase the accessibility of overridden or hidden methods.
|
Ensure that constructors do not call overridable methods.
|
Do not invoke overridable methods in clone().
|
Never declare a class method that hides a method declared in a superclass or superinterface.
|
Preserve the equality contract when overriding the equals() method.
|
Classes that define an equals() method must also define a hashCode() method.
|
Ensure that keys used in comparison operations are immutable.
|
Do not use finalizers.
|
Do not suppress or ignore checked exceptions.
|
Do not allow exceptions to expose sensitive information.
|
Prevent exceptions while logging data.
|
Restore prior object state on method failure.
|
Do not complete abruptly from a finally block.
|
Do not let checked exceptions escape from a finally block.
|
Do not throw undeclared checked exceptions.
|
Do not throw RuntimeException, Exception, or Throwable.
|
Do not catch NullPointerException or any of its ancestors.
|
Do not allow untrusted code to terminate the JVM.
|
Ensure visibility when accessing shared primitive variables.
|
Ensure visibility of shared references to immutable objects.
|
Ensure that compound operations on shared variables are atomic.
|
Do not assume that a group of calls to independently atomic methods is atomic.
|
Ensure that calls to chained methods are atomic.
|
Ensure atomicity when reading and writing 64-bit values.
|
Use private final lock objects to synchronize classes that may interact with untrusted code.
|
Do not synchronize on objects that may be reused.
|
Do not synchronize on the class object returned by getClass().
|
Do not synchronize on the intrinsic locks of high-level concurrency objects.
|
Do not synchronize on a collection view if the backing collection is accessible.
|
Synchronize access to static fields that can be modified by untrusted code.
|
Do not use an instance lock to protect shared static data.
|
Avoid deadlock by requesting and releasing locks in the same order.
|
Ensure actively held locks are released on exceptional conditions.
|
Do not perform operations that can block while holding a lock.
|
Use a correct form of the double-checked locking idiom.
|
Avoid client-side locking when using classes that do not commit to their locking strategy.
|
Do not invoke Thread.run().
|
Do not invoke ThreadGroup methods.
|
Notify all waiting threads rather than a single thread.
|
Always invoke wait() and await() methods inside a loop.
|
Ensure that threads performing blocking operations can be terminated.
|
Do not use Thread.stop() to terminate threads.
|
Use thread pools to enable graceful degradation of service during traffic bursts.
|
Do not execute interdependent tasks in a bounded thread pool.
|
Ensure that tasks submitted to a thread pool are interruptible.
|
Ensure that tasks executing in a thread pool do not fail silently.
|
Ensure ThreadLocal variables are reinitialized when using thread pools.
|
Do not override thread-safe methods with methods that are not thread-safe.
|
Do not let the this reference escape during object construction.
|
Do not use background threads during class initialization.
|
Do not publish partially initialized objects.
|
Do not operate on files in shared directories.
|
Create files with appropriate access permissions.
|
Detect and handle file-related errors.
|
Remove temporary files before termination.
|
Release resources when they are no longer needed.
|
Do not expose buffers or their backing arrays methods to untrusted code.
|
Do not create multiple buffered wrappers on a single byte or character stream.
|
Do not let external processes block on IO buffers.
|
Distinguish between characters or bytes read from a stream and -1.
|
Do not rely on the write() method to output integers outside the range 0 to 255.
|
Ensure the array is filled when using read() to fill an array.
|
Provide methods to read and write little-endian data.
|
Do not log sensitive information outside a trust boundary.
|
Perform proper cleanup at program termination.
|
Do not reset a servlet's output stream after committing it.
|
Canonicalize path names before validating them.
|
Enable serialization compatibility during class evolution.
|
Do not deviate from the proper signatures of serialization methods.
|
Sign then seal objects before sending them outside a trust boundary.
|
Do not allow serialization and deserialization to bypass the security manager.
|
Do not serialize instances of inner classes.
|
Make defensive copies of private mutable components during deserialization.
|
Do not use the default serialized form for classes with implementation-defined invariants.
|
Minimize privileges before deserializing from a privileged context.
|
Do not invoke overridable methods from the readObject() method.
|
Avoid memory and resource leaks during serialization.
|
Prevent overwriting of externalizable objects.
|
Prevent deserialization of untrusted data.
|
Do not allow privileged blocks to leak sensitive information across a trust boundary.
|
Do not allow tainted variables in privileged blocks.
|
Do not base security checks on untrusted sources.
|
Do not load trusted classes after allowing untrusted code to load arbitrary classes.
|
Protect sensitive operations with security manager checks.
|
Do not use reflection to increase accessibility of classes, methods, or fields.
|
Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar.
|
Call the superclass's getPermissions() method when writing a custom class loader.
|
Do not trust the values of environment variables.
|
Do not grant dangerous combinations of permissions.
|
Production code must not contain debugging entry points.
|
Define wrappers around native methods.
|
Safely invoke standard APIs that perform tasks using the immediate caller's class loader instance (loadLibrary).
|
Use SSLSocket rather than Socket for secure data exchange.
|
Do not use an empty infinite loop.
|
Generate strong random numbers.
|
Never hard code sensitive information.
|
Do not leak memory.
|
Do not exhaust heap space.
|
Do not modify the underlying collection when an iteration is in progress.
|
Prevent multiple instantiations of singleton objects.
|
Do not let session information leak within a servlet.