The Synopsys Software Integrity Group is now Black Duck®. Learn More

CERT C rule coverage

Section

Rules

Supported All

% Coverage

All

118

121

97.5

PRE

3

3

100.0

DCL

8

8

100.0

EXP

15

15

100.0

INT

7

7

100.0

FLP

5

5

100.0

ARR

6

6

100.0

STR

6

6

100.0

MEM

6

6

100.0

FIO

13

13

100.0

ENV

5

5

100.0

SIG

4

4

100.0

ERR

4

4

100.0

CON

13

13

100.0

MSC

8

8

100.0

POS

14

17

82.4

WIN

1

1

100.0

CERT C supported rules

Rule Description

PRE30-C

Do not create a universal character name through concatenation.

PRE31-C

Avoid side effects in arguments to unsafe macros.

PRE32-C

Do not use preprocessor directives in invocations of function-like macros.

DCL30-C

Declare objects with appropriate storage durations.

DCL31-C

Declare identifiers before using them.

DCL36-C

Do not declare an identifier with conflicting linkage classifications.

DCL37-C

Do not declare or define a reserved identifier.

DCL38-C

Use the correct syntax when declaring a flexible array member.

DCL39-C

Avoid information leakage when passing a structure across a trust boundary.

DCL40-C

Do not create incompatible declarations of the same function or object.

DCL41-C

Do not declare variables inside a switch statement before the first case label.

EXP30-C

Do not depend on order of evaluation for side effects.

EXP32-C

Do not access a volatile object through a nonvolatile reference.

EXP33-C

Do not read uninitialized memory.

EXP34-C

Do not dereference null pointers.

EXP35-C

Do not modify objects with temporary lifetime.

EXP36-C

Do not cast pointers into more strictly aligned pointer types.

EXP37-C

Call functions with the correct number and type of arguments.

EXP39-C

Do not access a variable through a pointer of an incompatible type.

EXP40-C

Do not modify constant objects.

EXP42-C

Do not compare padding data.

EXP43-C

Avoid undefined behavior when using restrict-qualified pointers.

EXP44-C

Do not rely on side effects in operands to sizeof, _Alignof, or _Generic.

EXP45-C

Do not perform assignments in selection statements.

EXP46-C

Do not use a bitwise operator with a Boolean-like operand.

EXP47-C

Do not call va_arg with an argument of the incorrect type.

INT30-C

Ensure that unsigned integer operations do not wrap.

INT31-C

Ensure that integer conversions do not result in lost or misinterpreted data.

INT32-C

Ensure that operations on signed integers do not result in overflow.

INT33-C

Ensure that division and remainder operations do not result in divide-by-zero errors.

INT34-C

Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand.

INT35-C

Use correct integer precisions.

INT36-C

Converting a pointer to integer or integer to pointer.

FLP30-C

Do not use floating-point variables as loop counters.

FLP32-C

Prevent or detect domain and range errors in math functions.

FLP34-C

Ensure that floating-point conversions are within range of the new type.

FLP36-C

Preserve precision when converting integral values to floating-point type.

FLP37-C

Do not use object representations to compare floating-point values.

ARR30-C

Do not form or use out of bounds pointers or array subscripts.

ARR32-C

Ensure size arguments for variable length arrays are in a valid range.

ARR36-C

Do not subtract or compare two pointers that do not refer to the same array.

ARR37-C

Do not add or subtract an integer to a pointer to a non-array object.

ARR38-C

Guarantee that library functions do not form invalid pointers.

ARR39-C

Do not add or subtract a scaled integer to a pointer.

STR30-C

Do not attempt to modify string literals.

STR31-C

Guarantee that storage for strings has sufficient space for character data and the null terminator.

STR32-C

Do not pass a non-null-terminated character sequence to a library function that expects a string.

STR34-C

Cast characters to unsigned char before converting to larger integer sizes.

STR37-C

Arguments to character-handling functions must be representable as an unsigned char.

STR38-C

Do not confuse narrow and wide character strings and functions.

MEM30-C

Do not access freed memory.

MEM31-C

Free dynamically allocated memory when no longer needed.

MEM33-C

Allocate and copy structures containing a flexible array member dynamically.

MEM34-C

Only free memory allocated dynamically.

MEM35-C

Allocate sufficient memory for an object.

MEM36-C

Do not modify the alignment of objects by calling realloc().

FIO30-C

Exclude user input from format strings.

FIO32-C

Do not perform operations on devices that are only appropriate for files.

FIO34-C

Distinguish between characters read from a file and EOF or WEOF.

FIO37-C

Do not assume that fgets() or fgetws() returns a nonempty string when successful.

FIO38-C

Do not copy a FILE object.

FIO39-C

Do not alternately input and output from a stream without an intervening flush or positioning call.

FIO40-C

Reset strings on fgets() or fgetws() failure.

FIO41-C

Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects.

FIO42-C

Close files when they are no longer needed.

FIO44-C

Only use values for fsetpos() that are returned from fgetpos().

FIO45-C

Avoid TOCTOU race conditions while accessing files.

FIO46-C

Do not access a closed file.

FIO47-C

Use valid format strings.

ENV30-C

Do not modify the object referenced by the return value of certain functions.

ENV31-C

Do not rely on an environment pointer following an operation that may invalidate it.

ENV32-C

All exit handlers must return normally.

ENV33-C

Do not call system().

ENV34-C

Do not store pointers returned by certain functions.

SIG30-C

Call only asynchronous-safe functions within signal handlers.

SIG31-C

Do not access shared objects in signal handlers.

SIG34-C

Do not call signal() from within interruptible signal handlers.

SIG35-C

Do not return from a computational exception signal handler.

ERR30-C

Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure.

ERR32-C

Do not rely on indeterminate values of errno.

ERR33-C

Detect and handle standard library errors.

ERR34-C

Detect errors when converting a string to a number.

CON30-C

Clean up thread-specific storage.

CON31-C

Do not destroy a mutex while it is locked.

CON32-C

Prevent data races when accessing bit-fields from multiple threads.

CON33-C

Avoid race conditions when using library functions.

CON34-C

Declare objects shared between threads with appropriate storage durations.

CON35-C

Avoid deadlock by locking in predefined order.

CON36-C

Wrap functions that can spuriously wake up in a loop.

CON37-C

Do not call signal() in a multithreaded program.

CON38-C

Preserve thread safety and liveness when using condition variables.

CON39-C

Do not join or detach a thread that was previously joined or detached.

CON40-C

Do not refer to an atomic variable twice in an expression.

CON41-C

Wrap functions that can fail spuriously in a loop.

CON43-C

Do not allow data races in multithreaded code.

MSC30-C

Do not use the rand() function for generating pseudorandom numbers.

MSC32-C

Properly seed pseudorandom number generators.

MSC33-C

Do not pass invalid data to the asctime() function.

MSC37-C

Ensure that control never reaches the end of a non-void function.

MSC38-C

Do not treat a predefined identifier as an object if it might only be implemented as a macro.

MSC39-C

Do not call va_arg() on a va_list that has an indeterminate value.

MSC40-C

Do not violate constraints.

MSC41-C

Never hard code sensitive information.

POS30-C

Use the readlink() function properly.

POS33-C

Do not use vfork().

POS34-C

Do not call putenv() with a pointer to an automatic variable as the argument.

POS35-C

Avoid race conditions while checking for the existence of a symbolic link.

POS36-C

Observe correct revocation order while relinquishing privileges.

POS37-C

Ensure that privilege relinquishment is successful.

POS38-C

Beware of race conditions when using fork and file descriptors.

POS39-C

Use the correct byte ordering when transferring data between systems.

POS44-C

Do not use signals to terminate threads.

POS47-C

Do not use threads that can be canceled asynchronously.

POS49-C

When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed.

POS50-C

Declare objects shared between POSIX threads with appropriate storage durations.

POS52-C

Do not perform operations that can block while holding a POSIX lock.

POS54-C

Detect and handle POSIX library errors.

WIN30-C

Properly pair allocation and deallocation functions.

CERT C++ rule coverage

Section

Rules

Supported All

% Coverage

All

83

83

100.0

DCL

11

11

100.0

EXP

14

14

100.0

INT

1

1

100.0

CTR

9

9

100.0

STR

4

4

100.0

MEM

8

8

100.0

FIO

2

2

100.0

ERR

13

13

100.0

OOP

9

9

100.0

CON

7

7

100.0

MSC

5

5

100.0

CERT C++ supported rules

Rule Description

DCL50-CPP

Do not define a C-style variadic function.

DCL51-CPP

Do not declare or define a reserved identifier.

DCL52-CPP

Never qualify a reference type with const or volatile.

DCL53-CPP

Do not write syntactically ambiguous declarations.

DCL54-CPP

Overload allocation and deallocation functions as a pair in the same scope.

DCL55-CPP

Avoid information leakage when passing a class object across a trust boundary.

DCL56-CPP

Avoid cycles during initialization of static objects.

DCL57-CPP

Do not let exceptions escape from destructors or deallocation functions.

DCL58-CPP

Do not modify the standard namespaces.

DCL59-CPP

Do not define an unnamed namespace in a header file.

DCL60-CPP

Obey the one-definition rule.

EXP50-CPP

Do not depend on the order of evaluation for side effects.

EXP51-CPP

Do not delete an array through a pointer of the incorrect type.

EXP52-CPP

Do not rely on side effects in unevaluated operands.

EXP53-CPP

Do not read uninitialized memory.

EXP54-CPP

Do not access an object outside of its lifetime.

EXP55-CPP

Do not access a cv-qualified object through a cv-unqualified type.

EXP56-CPP

Do not call a function with a mismatched language linkage.

EXP57-CPP

Do not cast or delete pointers to incomplete classes.

EXP58-CPP

Pass an object of the correct type to va_start.

EXP59-CPP

Use offsetof() on valid types and members.

EXP60-CPP

Do not pass a nonstandard-layout type object across execution boundaries.

EXP61-CPP

A lambda object must not outlive any of its reference captured objects.

EXP62-CPP

Do not access the bits of an object representation that are not part of the object's value representation.

EXP63-CPP

Do not rely on the value of a moved-from object.

INT50-CPP

Do not cast to an out-of-range enumeration value.

CTR50-CPP

Guarantee that container indices and iterators are within the valid range.

CTR51-CPP

Use valid references, pointers, and iterators to reference elements of a container.

CTR52-CPP

Guarantee that library functions do not overflow.

CTR53-CPP

Use valid iterator ranges.

CTR54-CPP

Do not subtract iterators that do not refer to the same container.

CTR55-CPP

Do not use an additive operator on an iterator if the result would overflow.

CTR56-CPP

Do not use pointer arithmetic on polymorphic objects.

CTR57-CPP

Provide a valid ordering predicate.

CTR58-CPP

Predicate function objects should not be mutable.

STR50-CPP

Guarantee that storage for strings has sufficient space for character data and the null terminator.

STR51-CPP

Do not attempt to create a std::string from a null pointer.

STR52-CPP

Use valid references, pointers, and iterators to reference elements of a basic_string.

STR53-CPP

Range check element access.

MEM50-CPP

Do not access freed memory.

MEM51-CPP

Properly deallocate dynamically allocated resources.

MEM52-CPP

Detect and handle memory allocation errors.

MEM53-CPP

Explicitly construct and destruct objects when manually managing object lifetime.

MEM54-CPP

Provide placement new with properly aligned pointers to sufficient storage capacity.

MEM55-CPP

Honor replacement dynamic storage management requirements.

MEM56-CPP

Do not store an already-owned pointer value in an unrelated smart pointer.

MEM57-CPP

Avoid using default operator new for over-aligned types.

FIO50-CPP

Do not alternately input and output from a file stream without an intervening positioning call.

FIO51-CPP

Close files when they are no longer needed.

ERR50-CPP

Do not abruptly terminate the program.

ERR51-CPP

Handle all exceptions.

ERR52-CPP

Do not use setjmp() or longjmp().

ERR53-CPP

Do not reference base classes or class data members in a constructor or destructor function-try-block handler.

ERR54-CPP

Catch handlers should order their parameter types from most derived to least derived.

ERR55-CPP

Honor exception specifications.

ERR56-CPP

Guarantee exception safety.

ERR57-CPP

Do not leak resources when handling exceptions.

ERR58-CPP

Handle all exceptions thrown before main() begins executing.

ERR59-CPP

Do not throw an exception across execution boundaries.

ERR60-CPP

Exception objects must be nothrow copy constructible.

ERR61-CPP

Catch exceptions by lvalue reference.

ERR62-CPP

Detect errors when converting a string to a number.

OOP50-CPP

Do not invoke virtual functions from constructors or destructors.

OOP51-CPP

Do not slice derived objects.

OOP52-CPP

Do not delete a polymorphic object without a virtual destructor.

OOP53-CPP

Write constructor member initializers in the canonical order.

OOP54-CPP

Gracefully handle self-copy assignment.

OOP55-CPP

Do not use pointer-to-member operators to access nonexistent members.

OOP56-CPP

Honor replacement handler requirements.

OOP57-CPP

Prefer special member functions and overloaded operators to C Standard Library functions.

OOP58-CPP

Copy operations must not mutate the source object.

CON50-CPP

Do not destroy a mutex while it is locked.

CON51-CPP

Ensure actively held locks are released on exceptional conditions.

CON52-CPP

Prevent data races when accessing fields from multiple threads.

CON53-CPP

Avoid deadlocks by locking in a predefined order.

CON54-CPP

Wrap functions that can spuriously wake up in a loop.

CON55-CPP

Preserve thread safety and liveness when using condition variables.

CON56-CPP

Do not speculatively lock a non-recursive mutex that is already owned by the calling thread.

MSC50-CPP

Do not use std::rand() for generating pseudorandom numbers.

MSC51-CPP

Ensure your random number generator is properly seeded.

MSC52-CPP

Value-returning functions must return a value from all exit paths.

MSC53-CPP

Do not return from a function declared [[noreturn]].

MSC54-CPP

A signal handler must be a plain old function.

CERT C L1 recommendation coverage (online version)

Section

Recommendations

Supported All

% Coverage

All

103

191

53.9

PRE

7

14

50.0

DCL

14

23

60.9

EXP

11

16

68.8

INT

12

16

75.0

FLP

4

8

50.0

ARR

3

3

100.0

STR

6

12

50.0

MEM

10

17

58.8

FIO

7

20

35.0

ENV

1

3

33.3

SIG

2

3

66.7

ERR

2

8

25.0

API

4

9

44.4

CON

2

8

25.0

MSC

12

22

54.5

POS

3

4

75.0

WIN

3

5

60.0

CERT C supported recommendations (online version)

Rule Description

PRE00-C

Prefer inline or static functions to function-like macros.

PRE06-C

Enclose header files in an include guard.

PRE07-C

Avoid using repeated question marks.

PRE09-C

Do not replace secure functions with deprecated or obsolescent functions.

PRE10-C

Wrap multistatement macros in a do-while loop.

PRE11-C

Do not conclude macro definitions with a semicolon.

PRE12-C

Do not define unsafe macros.

DCL01-C

Do not reuse variable names in subscopes.

DCL02-C

Use visually distinct identifiers.

DCL06-C

Use meaningful symbolic constants to represent literal values.

DCL07-C

Include the appropriate type information in function declarators.

DCL10-C

Maintain the contract between the writer and caller of variadic functions.

DCL11-C

Understand the type issues associated with variadic functions.

DCL12-C

Implement abstract data types using opaque types.

DCL13-C

Declare function parameters that are pointers to values not changed by the function as const.

DCL15-C

Declare file-scope objects or functions that do not need external linkage as static.

DCL16-C

Use "L," not "l," to indicate a long value.

DCL18-C

Do not begin integer constants with 0 when specifying a decimal value.

DCL19-C

Minimize the scope of variables and functions.

DCL22-C

Use volatile for data that cannot be cached.

DCL23-C

Guarantee that mutually visible identifiers are unique.

EXP00-C

Use parentheses for precedence of operation.

EXP05-C

Do not cast away a const qualification.

EXP08-C

Ensure pointer arithmetic is used correctly.

EXP09-C

Use sizeof to determine the size of a type or variable.

EXP10-C

Do not depend on the order of evaluation of subexpressions or the order in which side effects take place.

EXP12-C

Do not ignore values returned by functions.

EXP13-C

Treat relational and equality operators as if they were nonassociative.

EXP15-C

Do not place a semicolon on the same line as an if, for, or while statement.

EXP16-C

Do not compare function pointers to constant values.

EXP19-C

Use braces for the body of an if, for, or while statement.

EXP20-C

Perform explicit tests to determine success, true and false, and equality.

INT00-C

Understand the data model used by your implementation(s).

INT02-C

Understand integer conversion rules.

INT04-C

Enforce limits on integer values originating from tainted sources.

INT07-C

Use only explicitly signed or unsigned char type for numeric values.

INT08-C

Verify that all integer values are in range.

INT09-C

Ensure enumeration constants map to unique values.

INT10-C

Do not assume a positive remainder when using the % operator.

INT12-C

Do not make assumptions about the type of a plain int bit-field when used in an expression.

INT13-C

Use bitwise operators only on unsigned operands.

INT14-C

Avoid performing bitwise and arithmetic operations on the same data.

INT17-C

Define integer constants in an implementation-independent manner.

INT18-C

Evaluate integer expressions in a larger size before comparing or assigning to that size.

FLP00-C

Understand the limitations of floating-point numbers.

FLP02-C

Avoid using floating-point numbers when precise computation is needed.

FLP03-C

Detect and handle floating-point errors.

FLP06-C

Convert integers to floating point for floating-point operations.

ARR00-C

Understand how arrays work.

ARR01-C

Do not apply the sizeof operator to a pointer when taking the size of an array.

ARR02-C

Explicitly specify array bounds, even if implicitly defined by an initializer.

STR00-C

Represent characters using an appropriate type.

STR02-C

Sanitize data passed to complex subsystems.

STR03-C

Do not inadvertently truncate a string.

STR06-C

Do not assume that strtok() leaves the parse string unchanged.

STR07-C

Use the bounds-checking interfaces for string manipulation.

STR11-C

Do not specify the bound of a character array initialized with a string literal.

MEM00-C

Allocate and free memory in the same module, at the same level of abstraction.

MEM01-C

Store a new value in pointers immediately after free().

MEM02-C

Immediately cast the result of a memory allocation function call into a pointer to the allocated type.

MEM03-C

Clear sensitive information stored in reusable resources.

MEM04-C

Beware of zero-length allocations.

MEM05-C

Avoid large stack allocations.

MEM06-C

Ensure that sensitive data is not written out to disk.

MEM07-C

Ensure that the arguments to calloc(), when multiplied, do not wrap.

MEM11-C

Do not assume infinite heap space.

MEM12-C

Consider using a goto chain when leaving a function on error when using and releasing resources.

FIO01-C

Be careful using functions that use file names for identification.

FIO02-C

Canonicalize path names originating from tainted sources.

FIO06-C

Create files with appropriate access permissions.

FIO11-C

Take care when specifying the mode parameter of fopen().

FIO20-C

Avoid unintentional truncation when using fgets() or fgetws().

FIO21-C

Do not create temporary files in shared directories.

FIO24-C

Do not open a file that is already open.

ENV01-C

Do not make assumptions about the size of an environment variable.

SIG00-C

Mask signals handled by noninterruptible signal handlers.

SIG02-C

Avoid using signals to implement normal functionality.

ERR00-C

Adopt and implement a consistent and comprehensive error-handling policy.

ERR07-C

Prefer functions that support error checking over equivalent functions that don't.

API02-C

Functions that read or write to or from an array should take an argument to specify the source or target size.

API04-C

Provide a consistent and usable error-checking mechanism.

API05-C

Use conformant array parameters.

API09-C

Compatible values should have the same type.

CON01-C

Acquire and release synchronization primitives in the same module, at the same level of abstraction.

CON05-C

Do not perform operations that can block while holding a lock.

MSC00-C

Compile cleanly at high warning levels.

MSC01-C

Strive for logical completeness.

MSC04-C

Use comments consistently and in a readable fashion.

MSC12-C

Detect and remove code that has no effect or is never executed.

MSC13-C

Detect and remove unused values.

MSC15-C

Do not depend on undefined behavior.

MSC17-C

Finish every set of statements associated with a case label with a break statement.

MSC18-C

Be careful while handling sensitive data, such as passwords, in program code.

MSC20-C

Do not use a switch statement to transfer control into a complex block.

MSC21-C

Use robust loop termination conditions.

MSC22-C

Use the setjmp(), longjmp() facility securely.

MSC24-C

Do not use deprecated or obsolescent functions.

POS01-C

Check for the existence of links when dealing with files.

POS02-C

Follow the principle of least privilege.

POS05-C

Limit access to files by creating a jail.

WIN00-C

Be specific when dynamically loading libraries.

WIN01-C

Do not forcibly terminate execution.

WIN02-C

Restrict privileges when spawning child processes.

CERT Java rule coverage (online version)

Section

Rules

Supported All

% Coverage

All

153

200

76.5

IDS

11

11

100.0

DCL

3

3

100.0

EXP

6

7

85.7

NUM

13

13

100.0

STR

5

5

100.0

OBJ

10

13

76.9

MET

12

14

85.7

ERR

10

10

100.0

VNA

6

6

100.0

LCK

12

12

100.0

THI

6

6

100.0

TPS

5

5

100.0

TSM

4

4

100.0

FIO

16

16

100.0

SER

12

13

92.3

SEC

8

8

100.0

ENV

3

7

42.9

JNI

2

5

40.0

MSC

9

12

75.0

DRD

0

30

0.0

CERT Java supported rules (online version)

Rule Description

IDS00-J

Prevent SQL injection.

IDS01-J

Normalize strings before validating them.

IDS03-J

Do not log unsanitized user input.

IDS04-J

Safely extract files from ZipInputStream.

IDS06-J

Exclude unsanitized user input from format strings.

IDS07-J

Sanitize untrusted data passed to the Runtime.exec() method.

IDS08-J

Sanitize untrusted data included in a regular expression.

IDS11-J

Perform any string modifications before validation.

IDS14-J

Do not trust the contents of hidden form fields.

IDS16-J

Prevent XML Injection.

IDS17-J

Prevent XML External Entity Attacks.

DCL00-J

Prevent class initialization cycles.

DCL01-J

Do not reuse public identifiers from the Java Standard Library.

DCL02-J

Do not modify the collection's elements during an enhanced for statement.

EXP00-J

Do not ignore values returned by methods.

EXP01-J

Do not use a null in a case where an object is required.

EXP02-J

Do not use the Object.equals() method to compare two arrays.

EXP03-J

Do not use the equality operators when comparing values of boxed primitives.

EXP05-J

Do not follow a write by a subsequent write or read of the same object within an expression.

EXP06-J

Expressions used in assertions must not produce side effects.

NUM00-J

Detect or prevent integer overflow.

NUM01-J

Do not perform bitwise and arithmetic operations on the same data.

NUM02-J

Ensure that division and remainder operations do not result in divide-by-zero errors.

NUM03-J

Use integer types that can fully represent the possible range of unsigned data.

NUM04-J

Do not use floating-point numbers if precise computation is required.

NUM07-J

Do not attempt comparisons with NaN.

NUM08-J

Check floating-point inputs for exceptional values.

NUM09-J

Do not use floating-point variables as loop counters.

NUM10-J

Do not construct BigDecimal objects from floating-point literals.

NUM11-J

Do not compare or inspect the string representation of floating-point values.

NUM12-J

Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data.

NUM13-J

Avoid loss of precision when converting primitive integers to floating-point.

NUM14-J

Use shift operators correctly.

STR00-J

Don't form strings containing partial characters from variable-width encodings.

STR01-J

Do not assume that a Java char fully represents a Unicode code point.

STR02-J

Specify an appropriate locale when comparing locale-dependent data.

STR03-J

Do not encode noncharacter data as a string.

STR04-J

Use compatible character encodings when communicating string data between JVMs.

OBJ01-J

Limit accessibility of fields.

OBJ04-J

Provide mutable classes with copy functionality to safely allow passing instances to untrusted code.

OBJ05-J

Do not return references to private mutable class members.

OBJ06-J

Defensively copy mutable inputs and mutable internal components.

OBJ07-J

Sensitive classes must not let themselves be copied.

OBJ08-J

Do not expose private members of an outer class from within a nested class.

OBJ09-J

Compare classes and not class names.

OBJ10-J

Do not use public static nonfinal fields.

OBJ11-J

Be wary of letting constructors throw exceptions.

OBJ13-J

Ensure that references to mutable objects are not exposed.

MET00-J

Validate method arguments.

MET01-J

Never use assertions to validate method arguments.

MET02-J

Do not use deprecated or obsolete classes or methods.

MET03-J

Methods that perform a security check must be declared private or final.

MET04-J

Do not increase the accessibility of overridden or hidden methods.

MET05-J

Ensure that constructors do not call overridable methods.

MET06-J

Do not invoke overridable methods in clone().

MET07-J

Never declare a class method that hides a method declared in a superclass or superinterface.

MET08-J

Preserve the equality contract when overriding the equals() method.

MET09-J

Classes that define an equals() method must also define a hashCode() method.

MET11-J

Ensure that keys used in comparison operations are immutable.

MET12-J

Do not use finalizers.

ERR00-J

Do not suppress or ignore checked exceptions.

ERR01-J

Do not allow exceptions to expose sensitive information.

ERR02-J

Prevent exceptions while logging data.

ERR03-J

Restore prior object state on method failure.

ERR04-J

Do not complete abruptly from a finally block.

ERR05-J

Do not let checked exceptions escape from a finally block.

ERR06-J

Do not throw undeclared checked exceptions.

ERR07-J

Do not throw RuntimeException, Exception, or Throwable.

ERR08-J

Do not catch NullPointerException or any of its ancestors.

ERR09-J

Do not allow untrusted code to terminate the JVM.

VNA00-J

Ensure visibility when accessing shared primitive variables.

VNA01-J

Ensure visibility of shared references to immutable objects.

VNA02-J

Ensure that compound operations on shared variables are atomic.

VNA03-J

Do not assume that a group of calls to independently atomic methods is atomic.

VNA04-J

Ensure that calls to chained methods are atomic.

VNA05-J

Ensure atomicity when reading and writing 64-bit values.

LCK00-J

Use private final lock objects to synchronize classes that may interact with untrusted code.

LCK01-J

Do not synchronize on objects that may be reused.

LCK02-J

Do not synchronize on the class object returned by getClass().

LCK03-J

Do not synchronize on the intrinsic locks of high-level concurrency objects.

LCK04-J

Do not synchronize on a collection view if the backing collection is accessible.

LCK05-J

Synchronize access to static fields that can be modified by untrusted code.

LCK06-J

Do not use an instance lock to protect shared static data.

LCK07-J

Avoid deadlock by requesting and releasing locks in the same order.

LCK08-J

Ensure actively held locks are released on exceptional conditions.

LCK09-J

Do not perform operations that can block while holding a lock.

LCK10-J

Use a correct form of the double-checked locking idiom.

LCK11-J

Avoid client-side locking when using classes that do not commit to their locking strategy.

THI00-J

Do not invoke Thread.run().

THI01-J

Do not invoke ThreadGroup methods.

THI02-J

Notify all waiting threads rather than a single thread.

THI03-J

Always invoke wait() and await() methods inside a loop.

THI04-J

Ensure that threads performing blocking operations can be terminated.

THI05-J

Do not use Thread.stop() to terminate threads.

TPS00-J

Use thread pools to enable graceful degradation of service during traffic bursts.

TPS01-J

Do not execute interdependent tasks in a bounded thread pool.

TPS02-J

Ensure that tasks submitted to a thread pool are interruptible.

TPS03-J

Ensure that tasks executing in a thread pool do not fail silently.

TPS04-J

Ensure ThreadLocal variables are reinitialized when using thread pools.

TSM00-J

Do not override thread-safe methods with methods that are not thread-safe.

TSM01-J

Do not let the this reference escape during object construction.

TSM02-J

Do not use background threads during class initialization.

TSM03-J

Do not publish partially initialized objects.

FIO00-J

Do not operate on files in shared directories.

FIO01-J

Create files with appropriate access permissions.

FIO02-J

Detect and handle file-related errors.

FIO03-J

Remove temporary files before termination.

FIO04-J

Release resources when they are no longer needed.

FIO05-J

Do not expose buffers or their backing arrays methods to untrusted code.

FIO06-J

Do not create multiple buffered wrappers on a single byte or character stream.

FIO07-J

Do not let external processes block on IO buffers.

FIO08-J

Distinguish between characters or bytes read from a stream and -1.

FIO09-J

Do not rely on the write() method to output integers outside the range 0 to 255.

FIO10-J

Ensure the array is filled when using read() to fill an array.

FIO12-J

Provide methods to read and write little-endian data.

FIO13-J

Do not log sensitive information outside a trust boundary.

FIO14-J

Perform proper cleanup at program termination.

FIO15-J

Do not reset a servlet's output stream after committing it.

FIO16-J

Canonicalize path names before validating them.

SER00-J

Enable serialization compatibility during class evolution.

SER01-J

Do not deviate from the proper signatures of serialization methods.

SER02-J

Sign then seal objects before sending them outside a trust boundary.

SER04-J

Do not allow serialization and deserialization to bypass the security manager.

SER05-J

Do not serialize instances of inner classes.

SER06-J

Make defensive copies of private mutable components during deserialization.

SER07-J

Do not use the default serialized form for classes with implementation-defined invariants.

SER08-J

Minimize privileges before deserializing from a privileged context.

SER09-J

Do not invoke overridable methods from the readObject() method.

SER10-J

Avoid memory and resource leaks during serialization.

SER11-J

Prevent overwriting of externalizable objects.

SER12-J

Prevent deserialization of untrusted data.

SEC00-J

Do not allow privileged blocks to leak sensitive information across a trust boundary.

SEC01-J

Do not allow tainted variables in privileged blocks.

SEC02-J

Do not base security checks on untrusted sources.

SEC03-J

Do not load trusted classes after allowing untrusted code to load arbitrary classes.

SEC04-J

Protect sensitive operations with security manager checks.

SEC05-J

Do not use reflection to increase accessibility of classes, methods, or fields.

SEC06-J

Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar.

SEC07-J

Call the superclass's getPermissions() method when writing a custom class loader.

ENV02-J

Do not trust the values of environment variables.

ENV03-J

Do not grant dangerous combinations of permissions.

ENV06-J

Production code must not contain debugging entry points.

JNI00-J

Define wrappers around native methods.

JNI01-J

Safely invoke standard APIs that perform tasks using the immediate caller's class loader instance (loadLibrary).

MSC00-J

Use SSLSocket rather than Socket for secure data exchange.

MSC01-J

Do not use an empty infinite loop.

MSC02-J

Generate strong random numbers.

MSC03-J

Never hard code sensitive information.

MSC04-J

Do not leak memory.

MSC05-J

Do not exhaust heap space.

MSC06-J

Do not modify the underlying collection when an iteration is in progress.

MSC07-J

Prevent multiple instantiations of singleton objects.

MSC11-J

Do not let session information leak within a servlet.