124-java-secure-coding

Java Secure coding guidelines

Identify and apply Java secure coding practices to reduce vulnerabilities, protect sensitive data, and harden application behaviour against common attack vectors.

What is covered in this Skill?
  • Input validation: type, length, format, and range checks
  • SQL/OS/LDAP injection defence via PreparedStatement and parameterized APIs
  • Attack surface minimisation: least-privilege permissions, removal of unused features
  • Strong cryptography: BCrypt/Argon2 for passwords, AES-GCM for encryption, digital signatures; avoid deprecated ciphers (MD5, SHA-1, DES)
  • Secure exception handling: log diagnostic details internally, expose only generic messages to clients
  • Secrets management: load credentials from environment variables or secret managers — never hardcoded
  • Safe deserialization: strict allow-lists, prefer explicit DTOs over native Java serialization
  • Output encoding to prevent XSS in rendered content

Scope: The reference is organized by examples (good/bad code patterns) for each core area. Apply recommendations based on applicable examples.
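
As an illustration of the "Safe deserialization" item, the following added example (not taken from the skill's reference file) shows a reject-by-default allow-list with the JDK's ObjectInputFilter. The class and DTO names are hypothetical, and records require Java 16 or later.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.List;

public class AllowListDeserialization {

    // Hypothetical DTO: the only application type the stream is allowed to carry.
    record OrderDto(String sku, int quantity) implements Serializable {}

    // Allow-list plus resource limits; the trailing "!*" rejects every other class.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=5;maxrefs=100;maxbytes=4096;maxarray=64;"
            + OrderDto.class.getName() + ";java.lang.String;!*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    static OrderDto readOrder(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(FILTER); // must be set before the first readObject()
            Object o = in.readObject();
            if (!(o instanceof OrderDto order)) {
                throw new InvalidObjectException("unexpected type");
            }
            // The filter only restricts types; field values still need input validation.
            if (order.quantity() < 1 || order.quantity() > 1000) {
                throw new InvalidObjectException("quantity out of range");
            }
            return order;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an allowed DTO, then a type outside the allow-list.
        System.out.println("accepted: " + readOrder(serialize(new OrderDto("SKU-1", 2))));
        try {
            readOrder(serialize(new ArrayList<>(List.of("x"))));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The filter is applied per stream here; a process-wide default can also be configured through the jdk.serialFilter system property.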

Constraints

Before applying any secure coding changes, ensure the project compiles. If compilation fails, stop immediately — do not proceed until resolved. After applying improvements, run full verification.
  • MANDATORY: Run ./mvnw compile or mvn compile before applying any changes
  • SAFETY: If compilation fails, stop immediately — do not proceed until the project is in a valid state
  • VERIFY: Run ./mvnw clean verify or mvn clean verify after applying improvements
  • BEFORE APPLYING: Read the reference for detailed good/bad examples, constraints, and safeguards for each secure coding pattern

Reference

For detailed guidance, examples, and constraints, see references/124-java-secure-coding.md.