| Class | Description |
|---|---|
| FileCreateTempFileAstVisitor | |
| FileCreateTempFileRule | The File.createTempFile() method is insecure, and has been deprecated by the ESAPI secure coding library. |
| InsecureRandomAstVisitor | |
| InsecureRandomRule | Reports usages of java.util.Random, which can produce very predictable results. |
| JavaIoPackageAccessAstVisitor | |
| JavaIoPackageAccessRule | This rule reports violations of the Enterprise JavaBeans specification by using the java.io package to access files or the file system. |
| NonFinalPublicFieldAstVisitor | |
| NonFinalPublicFieldRule | Finds code that violates secure coding principles for mobile code by declaring a member variable public but not final. |
| NonFinalSubclassOfSensitiveInterfaceAstVisitor | |
| NonFinalSubclassOfSensitiveInterfaceRule | The permissions classes such as java.security.Permission and java.security.BasicPermission are designed to be extended. |
| ObjectFinalizeAstVisitor | |
| ObjectFinalizeRule | The finalize() method should only be called by the JVM after the object has been garbage collected. |
| PublicFinalizeMethodAstVisitor | |
| PublicFinalizeMethodRule | Creates a violation when the program violates secure coding principles by declaring a finalize() method public. |
| SystemExitAstVisitor | |
| SystemExitRule | Web applications should never call System.exit(). |
| UnsafeArrayDeclarationAstVisitor | |
| UnsafeArrayDeclarationRule | Triggers a violation when an array is declared public, final, and static. |
| UnsafeImplementationAsMapAstVisitor | |
| UnsafeImplementationAsMapRule | Reports incomplete interface implementations created by map-to-interface coercions. |