Home > Articles > Programming > Java

The CERT® Oracle® Secure Coding Standard for Java: Input Validation and Data Sanitization (IDS)

This chapter provides a list of rules, assesses their risk, and provides of noncompliant and compliant code and solutions to validate and sanitize the data.
This chapter is from the book

Rules

Rule

Page

IDS00-J. Sanitize untrusted data passed across a trust boundary

24

IDS01-J. Normalize strings before validating them

34

IDS02-J. Canonicalize path names before validating them

36

IDS03-J. Do not log unsanitized user input

41

IDS04-J. Limit the size of files passed to ZipInputStream

43

IDS05-J. Use a subset of ASCII for file and path names

46

IDS06-J. Exclude user input from format strings

48

IDS07-J. Do not pass untrusted, unsanitized data to the Runtime.exec() method

50

IDS08-J. Sanitize untrusted data passed to a regex

54

IDS09-J. Do not use locale-dependent methods on locale-dependent data without specifying the appropriate locale

59

IDS10-J. Do not split characters between two data structures

60

IDS11-J. Eliminate noncharacter code points before validation

66

IDS12-J. Perform lossless conversion of String data between differing character encodings

68

IDS13-J. Use compatible encodings on both sides of file or network I/O

71

  • + Share This
  • 🔖 Save To Your Account

Discussions

comments powered by Disqus