SEI CERT Oracle Secure Coding Standard for Java - Guidelines 13. Input Output (FIO)

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be ...

The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary ...

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the...

The product constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This ty...

The product does not release or incorrectly releases a resource before it is made available for re-use.

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

The product validates input before it is canonicalized, which prevents the product from detecting data that becomes invalid after the canonicalization step.

The product does not properly return control flow to the proper location after it has completed a task or detected an unusual condition.

During installation, installed file permissions are set to allow anyone to modify those files.

While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Creating and using insecure temporary files can leave application and system data vulnerable to attack.

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

The product receives input from an upstream component, but it does not account for byte ordering (e.g. big-endian and little-endian) when processing the input, causing...

The product defines policy namespaces and makes authorization decisions based on the assumption that a URL is canonical. This can allow a non-canonical URL to bypass t...

CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects that current rules and recommen...