The CERT Oracle Secure Coding Standard for Java (2011) Chapter 7 - Methods (MET)

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to rules in the Methods (MET) chapter of The CERT Oracle Secure Coding Standard for Java (2011).

Weaknesses

Call to Non-ubiquitous API

The software uses an API function that does not exist on all versions of the target platform. This could cause portability problems or inconsistencies that allow denia...

Explicit Call to Finalize()

The software makes an explicit call to the finalize() method from outside the finalizer.

finalize() Method Declared Public

The program violates secure coding principles for mobile code by declaring a finalize() method public.

finalize() Method Without super.finalize()

The software contains a finalize() method that does not call super.finalize().

Improper Following of Specification by Caller

The software does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.

Object Model Violation: Just One of Equals and Hashcode Defined

The software does not maintain equal hashcodes for equal objects.

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe th...

Reliance on Package-level Scope

Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.

Concepts

Deprecated or Obsolete

Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011)

CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT Oracle Secure Coding Standard for Java" pu...


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.