You are previewing Java™ Coding Guidelines: 75 Recommendations for Reliable and Secure Programs.
O'Reilly logo
Java™ Coding Guidelines: 75 Recommendations for Reliable and Secure Programs

Book Description

“A must-read for all Java developers. . . . Every developer has a responsibility to author code that is free of significant security vulnerabilities. This book provides realistic guidance to help Java developers implement desired functionality with security, reliability, and maintainability goals in mind.”–Mary Ann Davidson, Chief Security Officer, Oracle Corporation  

Organizations worldwide rely on Java code to perform mission-critical tasks, and therefore that code must be reliable, robust, fast, maintainable, and secure. Java™ Coding Guidelines brings together expert guidelines, recommendations, and code examples to help you meet these demands.

Written by the same team that brought you The CERT® Oracle ® Secure Coding Standard for Java™, this guide extends that previous work’s expert security advice to address many additional quality attributes.

You’ll find 75 guidelines, each presented consistently and intuitively. For each guideline, conformance requirements are specified; for most, noncompliant code examples and compliant solutions are also offered. The authors explain when to apply each guideline and provide references to even more detailed information.

Reflecting pioneering research on Java security, Java™ Coding Guidelines offers updated techniques for protecting against both deliberate attacks and other unexpected events. You’ll find best practices for improving code reliability and clarity, and a full chapter exposing common misunderstandings that lead to suboptimal code.

With a Foreword by James A. Gosling, Father of the Java Programming Language

Table of Contents

  1. About This eBook
  2. Title Page
  3. Copyright Page
  4. Dedication Page
  5. Contents
  6. Foreword
  7. Preface
    1. The CERT® Oracle® Secure Coding Standard for Java™
    2. Scope
  8. Acknowledgments
  9. About the Authors
  10. Chapter 1. Security
    1. 1. Limit the lifetime of sensitive data
    2. 2. Do not store unencrypted sensitive information on the client side
    3. 3. Provide sensitive mutable classes with unmodifiable wrappers
    4. 4. Ensure that security-sensitive methods are called with validated arguments
    5. 5. Prevent arbitrary file upload
    6. 6. Properly encode or escape output
    7. 7. Prevent code injection
    8. 8. Prevent XPath injection
    9. 9. Prevent LDAP injection
    10. 10. Do not use the clone() method to copy untrusted method parameters
    11. 11. Do not use Object.equals() to compare cryptographic keys
    12. 12. Do not use insecure or weak cryptographic algorithms
    13. 13. Store passwords using a hash function
    14. 14. Ensure that SecureRandom is properly seeded
    15. 15. Do not rely on methods that can be overridden by untrusted code
    16. 16. Avoid granting excess privileges
    17. 17. Minimize privileged code
    18. 18. Do not expose methods that use reduced-security checks to untrusted code
    19. 19. Define custom security permissions for fine-grained security
    20. 20. Create a secure sandbox using a security manager
    21. 21. Do not let untrusted code misuse privileges of callback methods
  11. Chapter 2. Defensive Programming
    1. 22. Minimize the scope of variables
    2. 23. Minimize the scope of the @SuppressWarnings annotation
    3. 24. Minimize the accessibility of classes and their members
    4. 25. Document thread-safety and use annotations where applicable
    5. 26. Always provide feedback about the resulting value of a method
    6. 27. Identify files using multiple file attributes
    7. 28. Do not attach significance to the ordinal associated with an enum
    8. 29. Be aware of numeric promotion behavior
    9. 30. Enable compile-time type checking of variable arity parameter types
    10. 31. Do not apply public final to constants whose value might change in later releases
    11. 32. Avoid cyclic dependencies between packages
    12. 33. Prefer user-defined exceptions over more general exception types
    13. 34. Try to gracefully recover from system errors
    14. 35. Carefully design interfaces before releasing them
    15. 36. Write garbage collection–friendly code
  12. Chapter 3. Reliability
    1. 37. Do not shadow or obscure identifiers in subscopes
    2. 38. Do not declare more than one variable per declaration
    3. 39. Use meaningful symbolic constants to represent literal values in program logic
    4. 40. Properly encode relationships in constant definitions
    5. 41. Return an empty array or collection instead of a null value for methods that return an array or collection
    6. 42. Use exceptions only for exceptional conditions
    7. 43. Use a try-with-resources statement to safely handle closeable resources
    8. 44. Do not use assertions to verify the absence of runtime errors
    9. 45. Use the same type for the second and third operands in conditional expressions
    10. 46. Do not serialize direct handles to system resources
    11. 47. Prefer using iterators over enumerations
    12. 48. Do not use direct buffers for short-lived, infrequently used objects
    13. 49. Remove short-lived objects from long-lived container objects
  13. Chapter 4. Program Understandability
    1. 50. Be careful using visually misleading identifiers and literals
    2. 51. Avoid ambiguous overloading of variable arity methods
    3. 52. Avoid in-band error indicators
    4. 53. Do not perform assignments in conditional expressions
    5. 54. Use braces for the body of an if, for, or while statement
    6. 55. Do not place a semicolon immediately following an if, for, or while condition
    7. 56. Finish every set of statements associated with a case label with a break statement
    8. 57. Avoid inadvertent wrapping of loop counters
    9. 58. Use parentheses for precedence of operation
    10. 59. Do not make assumptions about file creation
    11. 60. Convert integers to floating-point for floating-point operations
    12. 61. Ensure that the clone() method calls super.clone()
    13. 62. Use comments consistently and in a readable fashion
    14. 63. Detect and remove superfluous code and values
    15. 64. Strive for logical completeness
    16. 65. Avoid ambiguous or confusing uses of overloading
  14. Chapter 5. Programmer Misconceptions
    1. 66. Do not assume that declaring a reference volatile guarantees safe publication of the members of the referenced object
    2. 67. Do not assume that the sleep(), yield(), or getState() methods provide synchronization semantics
    3. 68. Do not assume that the remainder operator always returns a nonnegative result for integral operands
    4. 69. Do not confuse abstract object equality with reference equality
    5. 70. Understand the differences between bitwise and logical operators
    6. 71. Understand how escape characters are interpreted when strings are loaded
    7. 72. Do not use overloaded methods to differentiate between runtime types
    8. 73. Never confuse the immutability of a reference with that of the referenced object
    9. 74. Use the serialization methods writeUnshared() and readUnshared() with care
    10. 75. Do not attempt to help the garbage collector by setting local reference variables to null
  15. Appendix A: Android
  16. Glossary
  17. References
  18. Index