CERT Java IDs mapped to Klocwork Java checkers
The following mapping of CERT Java IDs to Klocwork Java checkers is a community-developed mapping.
Rule | Checker | Description |
---|---|---|
ERR08-J | JD.CATCH | Catching runtime exception |
IDS00-J | SV.DATA.BOUND | Untrusted data leaks into trusted storage |
IDS00-J | SV.DATA.DB | Data injection |
IDS00-J | SV.HTTP_SPLIT | HTTP response splitting |
IDS00-J | SV.PATH | Path and file name injection |
IDS00-J | SV.PATH.INJ | File injection |
IDS00-J | SV.SQL | SQL injection |
IDS00-J | SV.SQL.DBSOURCE | Unchecked information from the database is used in SQL statements |
IDS01-J | SV.TAINT | Tainted data |
IDS01-J | SV.TAINT_NATIVE | Tainted data goes to native code |
IDS01-J | SV.XSS.DB | Cross-site scripting (stored XSS) |
IDS01-J | SV.XSS.REF | Cross-site scripting (reflected XSS) |
IDS07-J | SV.EXEC | Process injection |
IDS07-J | SV.EXEC.DIR | Process injection: working directory |
IDS07-J | SV.EXEC.ENV | Process injection: environment variables |
IDS07-J | SV.EXEC.LOCAL | Process injection: local arguments |
MSC02-J | SV.RANDOM | Use of insecure random number generator |
MSC03-J | SV.PASSWD.HC | Hardcoded password |
MSC03-J | SV.PASSWD.HC.EMPTY | Empty password |
MSC03-J | SV.PASSWD.PLAIN | Plain-text password |
MSC03-J | SV.SENSITIVE.DATA | Unencrypted sensitive data is written |
MSC03-J | SV.SENSITIVE.OBJ | Object with unencrypted sensitive data is stored |
SER01-J | SV.SERIAL.NOREAD | Method readObject() should be defined for a serializable class |
SER01-J | SV.SERIAL.NOWRITE | Method writeObject() should be defined for a serializable class |
SER01-J | SV.SERIAL.SIG | Methods readObject() and writeObject() in serializable classes should have the correct signature |