Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs (SEI Series in Software Engineering)


Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland, David Svoboda

Language: English

Pages: 304

ISBN: 032193315X

Format: PDF / Kindle (mobi) / ePub

“A must-read for all Java developers. . . . Every developer has a responsibility to author code that is free of significant security vulnerabilities. This book provides realistic guidance to help Java developers implement desired functionality with security, reliability, and maintainability goals in mind.”

–Mary Ann Davidson, Chief Security Officer, Oracle Corporation 


Organizations worldwide rely on Java code to perform mission-critical tasks, and therefore that code must be reliable, robust, fast, maintainable, and secure. Java™ Coding Guidelines brings together expert guidelines, recommendations, and code examples to help you meet these demands.


Written by the same team that brought you The CERT® Oracle® Secure Coding Standard for Java™, this guide extends that previous work’s expert security advice to address many additional quality attributes.


You’ll find 75 guidelines, each presented consistently and intuitively. For each guideline, conformance requirements are specified; for most, noncompliant code examples and compliant solutions are also offered. The authors explain when to apply each guideline and provide references to even more detailed information.


Reflecting pioneering research on Java security, Java™ Coding Guidelines offers updated techniques for protecting against both deliberate attacks and other unexpected events. You’ll find best practices for improving code reliability and clarity, and a full chapter exposing common misunderstandings that lead to suboptimal code.


With a Foreword by James A. Gosling, Father of the Java Programming Language

normalizes the output to a known character set, performs output sanitization using a whitelist, and encodes any unspecified data values to enforce a double-checking mechanism. Note that the required whitelisting patterns will vary according to the specific needs of different fields [OWASP 2013].

    public class ValidateOutput {
      // Allows only alphanumeric characters and spaces
      private static final Pattern pattern =

sources reside in the c:\package directory on a Windows-based system.

    grant codeBase "file:/c:/package" {
      // For *nix, file:${user.home}/package/
      permission ExceptionReporterPermission "exc.reporter";
      permission java.lang.RuntimePermission "loadLibrary.myLib";
    };

By default, permissions cannot be defined to support actions using BasicPermission, but the actions can be freely implemented in the subclass ExceptionReporterPermission if

      error
    }

    // Reopen the file for reading
    Path file2 = Paths.get(filename);
    BasicFileAttributes attr2 =
        Files.readAttributes(file2, BasicFileAttributes.class);
    FileTime creation2 = attr2.creationTime();
    FileTime modified2 = attr2.lastModifiedTime();
    if ( (!creation1.equals(creation2)) ||
         (!modified1.equals(modified2)) ) {
      // File was tampered with, handle error
    }

    try (BufferedReader br = new BufferedReader(
           new InputStreamReader(Files.newInputStream(file2)))){
      String line;
      while

handling specific exceptions difficult. Where cleanup operations such as releasing system resources can be performed, code should use a finally block to release the resources or a try-with-resources statement. Catching Throwable is disallowed in general by The CERT® Oracle® Secure Coding Standard for Java™ [Long 2012], “ERR08-J. Do not catch NullPointerException or any of its ancestors,” but it is permitted when filtering exception traces by the exception ERR08-EX0 in that rule.

Solution (Field Shadowing)

This compliant solution eliminates shadowing by changing the name of the variable defined in the method scope from val to newValue:

    class MyVector {
      private int val = 1;
      private void doLogic() {
        int newValue;
        //...
      }
    }

Noncompliant Code Example (Variable Shadowing)

This example is noncompliant because the variable i defined in the scope of the second for loop block shadows the definition of the
