Category: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 7 - Methods (MET)
Obsolete
Summary
Weaknesses in this category are related to rules in the Methods (MET) chapter of The CERT Oracle Secure Coding Standard for Java (2011).
Membership
| ID | Name | Description |
|---|---|---|
| CWE-487 | Reliance on Package-level Scope | Java packages are not inherently closed; therefore, relying on them for code security is not a good practice. |
| CWE-568 | finalize() Method Without super.finalize() | The product contains a finalize() method that does not call super.finalize(). |
| CWE-573 | Improper Following of Specification by Caller | The product does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform. |
| CWE-581 | Object Model Violation: Just One of Equals and Hashcode Defined | The product does not maintain equal hashcodes for equal objects. |
| CWE-583 | finalize() Method Declared Public | The product violates secure coding principles for mobile code by declaring a finalize() method public. |
| CWE-586 | Explicit Call to Finalize() | The product makes an explicit call to the finalize() method from outside the finalizer. |
| CWE-589 | Call to Non-ubiquitous API | The product uses an API function that does not exist on all versions of the target platform. This could cause portability problems or inconsistencies that allow denial of service or other consequences. |
| CWE-617 | Reachable Assertion | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
| CWE-844 | Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011) | CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT Oracle Secure Coding Standard for Java" published in 2011. This view is considered obsolete as a newer version of the coding standard is available. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.