CodeCheck Documentation - SEI CERT Java

Standard: SEI CERT Java

The CERT Oracle Secure Coding Standard for Java provides rules for secure coding in the Java programming language.

This coding standard affects the wide range of software systems developed in the Java programming language.

The rules and recommendations in this standard are a work in progress and reflect the current thinking of the secure coding community. As rules and recommendations mature, they are published in report or book form as official releases. These releases are issued as dictated by the needs and interests of the secure software development community.

The list of rules and recommendations in this tool was last updated on 2023/05/23.

| Check ID | Check Name | Supported | Severity |
|---|---|---|---|
| DCL00-J | Prevent class initialization cycles | Yes | Low |
| DCL01-J | Do not reuse public identifiers from the Java Standard Library | No | Low |
| DCL02-J | Do not modify the collection's elements during an enhanced for statement | Yes | Low |
| ENV00-J | Do not sign code that performs only unprivileged operations | No | High |
| ENV01-J | Place all security-sensitive code in a single JAR and sign and seal it | No | High |
| ENV02-J | Do not trust the values of environment variables | Yes | Low |
| ENV03-J | Do not grant dangerous combinations of permissions | Yes | High |
| ENV04-J | Do not disable bytecode verification | No | High |
| ENV05-J | Do not deploy an application that can be remotely monitored | No | High |
| ENV06-J | Production code must not contain debugging entry points | Yes | High |
| ERR00-J | Do not suppress or ignore checked exceptions | Yes | Low |
| ERR01-J | Do not allow exceptions to expose sensitive information | Yes | Medium |
| ERR02-J | Prevent exceptions while logging data | Yes | Medium |
| ERR03-J | Restore prior object state on method failure | Yes | Low |
| ERR04-J | Do not complete abruptly from a finally block | Yes | Low |
| ERR05-J | Do not let checked exceptions escape from a finally block | Yes | Low |
| ERR06-J | Do not throw undeclared checked exceptions | Yes | Low |
| ERR07-J | Do not throw RuntimeException, Exception, or Throwable | Yes | Low |
| ERR08-J | Do not catch NullPointerException or any of its ancestors | Yes | Medium |
| ERR09-J | Do not allow untrusted code to terminate the JVM | Yes | Low |
| EXP00-J | Do not ignore values returned by methods. | Yes | Medium |
| EXP01-J | Do not use a null in a case where an object is required | No | Low |
| EXP02-J | Do not use the Object.equals() method to compare two arrays. | Yes | Low |
| EXP03-J | Do not use the equality operators when comparing values of boxed primitives | Yes | Low |
| EXP04-J | Do not pass arguments to certain Java Collections Framework methods that are a different type than the collection parameter type | Yes | Low |
| EXP05-J | Do not follow a write by a subsequent write or read of the same object within an expression | Yes | Low |
| EXP06-J | Expressions used in assertions must not produce side effects | Yes | Low |
| FIO00-J | Do not operate on files in shared directories | Yes | Medium |
| FIO01-J | Create files with appropriate access permissions | Yes | Medium |
| FIO02-J | Detect and handle file-related errors | Yes | Medium |
| FIO03-J | Remove temporary files before termination | Yes | Medium |
| FIO04-J | Release resources when they are no longer needed | Yes | Low |
| FIO05-J | Do not expose buffers or their backing arrays methods to untrusted code | Yes | Medium |
| FIO06-J | Do not create multiple buffered wrappers on a single byte or character stream | No | Low |
| FIO07-J | Do not let external processes block on IO buffers | No | Low |
| FIO08-J | Distinguish between characters or bytes read from a stream and -1 | No | High |
| FIO09-J | Do not rely on the write() method to output integers outside the range 0 to 255 | Yes | Low |
| FIO10-J | Ensure the array is filled when using read() to fill an array | Yes | Low |
| FIO12-J | Provide methods to read and write little-endian data | No | Low |
| FIO13-J | Do not log sensitive information outside a trust boundary | Yes | Medium |
| FIO14-J | Perform proper cleanup at program termination | Yes | Medium |
| FIO15-J | Do not reset a servlet's output stream after committing it | No | Low |
| FIO16-J | Canonicalize path names before validating them | No | Medium |
| IDS00-J | Prevent SQL Injection | Yes | High |
| IDS01-J | Normalize strings before validating them | Yes | High |
| IDS03-J | Do not log unsanitized user input | No | Medium |
| IDS04-J | Safely extract files from ZipInputStream | Yes | Low |
| IDS06-J | Exclude unsanitized user input from format strings | Yes | Medium |
| IDS07-J | Sanitize untrusted data passed to the Runtime.exec() method | No | High |
| IDS08-J | Sanitize untrusted data included in a regular expression | Yes | Medium |
| IDS11-J | Perform any string modifications before validation | Yes | High |
| IDS14-J | Do not trust the contents of hidden form fields | No | High |
| IDS16-J | Prevent XML Injection | Yes | High |
| IDS17-J | Prevent XML External Entity Attacks | No | Medium |
| JNI00-J | Define wrappers around native methods | Yes | Medium |
| LCK00-J | Use private final lock objects to synchronize classes that may interact with untrusted code | Yes | Low |
| LCK01-J | Do not synchronize on objects that may be reused | Yes | Medium |
| LCK02-J | Do not synchronize on the class object returned by getClass() | Yes | Medium |
| LCK03-J | Do not synchronize on the intrinsic locks of high-level concurrency objects | No | Medium |
| LCK04-J | Do not synchronize on a collection view if the backing collection is accessible | Yes | Low |
| LCK05-J | Synchronize access to static fields that can be modified by untrusted code | Yes | Low |
| LCK06-J | Do not use an instance lock to protect shared static data | Yes | Medium |
| LCK07-J | Avoid deadlock by requesting and releasing locks in the same order | Yes | Low |
| LCK08-J | Ensure actively held locks are released on exceptional conditions | Yes | Low |
| LCK09-J | Do not perform operations that can block while holding a lock | Yes | Low |
| LCK10-J | Use a correct form of the double-checked locking idiom | Yes | Low |
| LCK11-J | Avoid client-side locking when using classes that do not commit to their locking strategy | Yes | Low |
| MET00-J | Validate method arguments | Yes | High |
| MET01-J | Never use assertions to validate method arguments | Yes | Medium |
| MET02-J | Do not use deprecated or obsolete classes or methods | Yes | Low |
| MET03-J | Methods that perform a security check must be declared private or final. | Yes | Medium |
| MET04-J | Do not increase the accessibility of overridden or hidden methods | Yes | Medium |
| MET05-J | Ensure that constructors do not call overridable methods | Yes | Medium |
| MET06-J | Do not invoke overridable methods in clone() | Yes | Medium |
| MET07-J | Never declare a class method that hides a method declared in a superclass or superinterface | Yes | Low |
| MET08-J | Preserve the equality contract when overriding the equals() method | Yes | Low |
| MET09-J | Classes that define an equals() method must also define a hashCode() method | Yes | Low |
| MET10-J | Follow the general contract when implementing the compareTo() method | Yes | Medium |
| MET11-J | Ensure that keys used in comparison operations are immutable | Yes | Low |
| MET12-J | Do not use finalizers | Yes | Medium |
| MET13-J | Do not assume that reassigning method arguments modifies the calling environment | No | Medium |
| MSC00-J | Use SSLSocket rather than Socket for secure data exchange | Yes | Medium |
| MSC01-J | Do not use an empty infinite loop | Yes | Low |
| MSC02-J | Generate strong random numbers | Yes | High |
| MSC03-J | Never hard code sensitive information | No | High |
| MSC04-J | Do not leak memory | No | Low |
| MSC05-J | Do not exhaust heap space | No | Low |
| MSC06-J | Do not modify the underlying collection when an iteration is in progress | No | Low |
| MSC07-J | Prevent multiple instantiations of singleton objects | No | Low |
| NUM00-J | Detect or prevent integer overflow | Yes | Medium |
| NUM01-J | Do not perform bitwise and arithmetic operations on the same data | No | Medium |
| NUM02-J | Ensure that division and remainder operations do not result in divide-by-zero errors | Yes | Low |
| NUM03-J | Use integer types that can fully represent the possible range of unsigned data | No | Low |
| NUM04-J | Do not use floating-point numbers if precise computation is required | No | Low |
| NUM07-J | Do not attempt comparisons with NaN | Yes | Low |
| NUM08-J | Check floating-point inputs for exceptional values | No | Low |
| NUM09-J | Do not use floating-point variables as loop counters | Yes | Low |
| NUM10-J | Do not construct BigDecimal objects from floating-point literals | Yes | Low |
| NUM11-J | Do not compare or inspect the string representation of floating-point values | Yes | Low |
| NUM12-J | Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data | Yes | Low |
| NUM13-J | Avoid loss of precision when converting primitive integers to floating-point | Yes | Low |
| NUM14-J | Use shift operators correctly | No | Low |
| OBJ01-J | Limit accessibility of fields | Yes | Medium |
| OBJ02-J | Preserve dependencies in subclasses when changing superclasses | No | Medium |
| OBJ03-J | Prevent heap pollution | No | Low |
| OBJ04-J | Provide mutable classes with copy functionality to safely allow passing instances to untrusted code | Yes | Low |
| OBJ05-J | Do not return references to private mutable class members | Yes | High |
| OBJ06-J | Defensively copy mutable inputs and mutable internal components | No | Medium |
| OBJ07-J | Sensitive classes must not let themselves be copied | Yes | Medium |
| OBJ08-J | Do not expose private members of an outer class from within a nested class | Yes | Medium |
| OBJ09-J | Compare classes and not class names | Yes | High |
| OBJ10-J | Do not use public static nonfinal fields | Yes | Medium |
| OBJ11-J | Be wary of letting constructors throw exceptions | Yes | High |
| OBJ13-J | Ensure that references to mutable objects are not exposed | Yes | Medium |
| SEC00-J | Do not allow privileged blocks to leak sensitive information across a trust boundary | No | Medium |
| SEC01-J | Do not allow tainted variables in privileged blocks | Yes | High |
| SEC02-J | Do not base security checks on untrusted sources | No | High |
| SEC03-J | Do not load trusted classes after allowing untrusted code to load arbitrary classes | No | High |
| SEC04-J | Protect sensitive operations with security manager checks | No | High |
| SEC05-J | Do not use reflection to increase accessibility of classes, methods, or fields | No | High |
| SEC06-J | Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar | No | High |
| SEC07-J | Call the superclass's getPermissions() method when writing a custom class loader | Yes | High |
| SER00-J | Enable serialization compatibility during class evolution | No | Low |
| SER01-J | Do not deviate from the proper signatures of serialization methods | Yes | High |
| SER02-J | Sign then seal objects before sending them outside a trust boundary | No | Medium |
| SER03-J | Do not serialize unencrypted sensitive data | No | Medium |
| SER04-J | Do not allow serialization and deserialization to bypass the security manager | Yes | High |
| SER05-J | Do not serialize instances of inner classes | Yes | Medium |
| SER06-J | Make defensive copies of private mutable components during deserialization | Yes | Low |
| SER07-J | Do not use the default serialized form for classes with implementation-defined invariants | Yes | Medium |
| SER08-J | Minimize privileges before deserializing from a privileged context | No | High |
| SER09-J | Do not invoke overridable methods from the readObject() method | Yes | Low |
| SER10-J | Avoid memory and resource leaks during serialization | No | Low |
| SER11-J | Prevent overwriting of externalizable objects | No | Low |
| SER12-J | Prevent deserialization of untrusted data | Yes | High |
| STR00-J | Don't form strings containing partial characters from variable-width encodings | No | Low |
| STR01-J | Do not assume that a Java char fully represents a Unicode code point | Yes | Low |
| STR02-J | Specify an appropriate locale when comparing locale-dependent data | No | Medium |
| STR03-J | Do not encode noncharacter data as a string | Yes | Low |
| STR04-J | Use compatible character encodings when communicating string data between JVMs | No | Low |
| THI00-J | Do not invoke Thread.run() | Yes | Low |
| THI01-J | Do not invoke ThreadGroup methods | Yes | Low |
| THI02-J | Notify all waiting threads rather than a single thread. | Yes | Low |
| THI03-J | Always invoke wait() and await() methods inside a loop | Yes | Low |
| THI04-J | Ensure that threads performing blocking operations can be terminated | Yes | Low |
| THI05-J | Do not use Thread.stop() to terminate threads. | Yes | Low |
| TPS00-J | Use thread pools to enable graceful degradation of service during traffic bursts | Yes | Low |
| TPS01-J | Do not execute interdependent tasks in a bounded thread pool | Yes | Low |
| TPS02-J | Ensure that tasks submitted to a thread pool are interruptible | Yes | Low |
| TPS03-J | Ensure that tasks executing in a thread pool do not fail silently | Yes | Low |
| TPS04-J | Ensure ThreadLocal variables are reinitialized when using thread pools | Yes | Medium |
| TSM00-J | Do not override thread-safe methods with methods that are not thread-safe | Yes | Low |
| TSM01-J | Do not let the this reference escape during object construction | Yes | Medium |
| TSM02-J | Do not use background threads during class initialization | Yes | Low |
| TSM03-J | Do not publish partially initialized objects | Yes | Medium |
| VNA00-J | Ensure visibility when accessing shared primitive variables | Yes | Medium |
| VNA01-J | Ensure visibility of shared references to immutable objects | Yes | Low |
| VNA02-J | Ensure that compound operations on shared variables are atomic | Yes | Medium |
| VNA03-J | Do not assume that a group of calls to independently atomic methods is atomic | Yes | Low |
| VNA04-J | Ensure that calls to chained methods are atomic | Yes | Low |
| VNA05-J | Ensure atomicity when reading and writing 64-bit values | Yes | Low |