| Class | Description |
| --- | --- |
| FileCreateTempFileRule | The File.createTempFile() method is insecure, and has been deprecated by the ESAPI secure coding library. |
| InsecureRandomRule | Reports usages of java.util.Random, which can produce very predictable results. |
| JavaIoPackageAccessRule | This rule reports violations of the Enterprise JavaBeans specification by using the java.io package to access files or the file system. |
| NonFinalPublicFieldRule | Finds code that violates secure coding principles for mobile code by declaring a member variable public but not final. |
| NonFinalSubclassOfSensitiveInterfaceRule | The permissions classes such as java.security.Permission and java.security.BasicPermission are designed to be extended. |
| ObjectFinalizeRule | The finalize() method should only be called by the JVM after the object has been garbage collected. |
| PublicFinalizeMethodRule | Creates a violation when the program violates secure coding principles by declaring a finalize() method public. |
| SystemExitRule | Web applications should never call System.exit(). |
| UnsafeArrayDeclarationRule | Triggers a violation when an array is declared public, final, and static. |
| UnsafeImplementationAsMapRule | Reports incomplete interface implementations created by map-to-interface coercions. |