124-java-secure-coding

Solid

Use when you need to apply Java secure coding best practices — including validating untrusted inputs, defending against injection attacks with parameterized queries, minimizing attack surface via least privilege, applying strong cryptographic algorithms, handling exceptions securely without exposing sensitive data, managing secrets at runtime, avoiding unsafe deserialization, and encoding output to prevent XSS. This should trigger for requests such as Review Java code for secure coding. Part of cursor-rules-java project

Code & Development 393 stars 78 forks Updated today Apache-2.0


Quality Score: 92/100

- Stars (20%): 86
- Recency (20%): 100
- Frontmatter (20%): 70
- Documentation (15%): 100
- Issue Health (10%): 50
- License (10%): 100
- Description (5%): 100

Skill Content

# Java Secure coding guidelines

Identify and apply Java secure coding practices to reduce vulnerabilities, protect sensitive data, and harden application behaviour against common attack vectors.

**What is covered in this Skill?**

- Input validation: type, length, format, and range checks
- SQL/OS/LDAP injection defence via `PreparedStatement` and parameterized APIs
- Attack surface minimisation: least-privilege permissions, removal of unused features
- Strong cryptography: BCrypt/Argon2 for passwords, AES-GCM for encryption, digital signatures; avoid deprecated ciphers (MD5, SHA-1, DES)
- Secure exception handling: log diagnostic details internally, expose only generic messages to clients
- Secrets management: load credentials from environment variables or secret managers — never hardcoded
- Safe deserialization: strict allow-lists, prefer explicit DTOs over native Java serialization
- Output encoding to prevent XSS in rendered content

**Scope:** The reference is organized by examples (good/bad code patterns) for each core area. Apply recommendations based on applicable examples.

## Constraints

Before applying any secure coding changes, ensure the project compiles. If compilation fails, stop immediately — do not proceed until resolved. After applying improvements, run full verification.

- **MANDATORY**: Run `./mvnw compile` or `mvn compile` before applying any changes
- **SAFETY**: If compilation fails, stop immediately — do not proceed until the project is in a valid ...

Details

Author
jabrena
Repository
jabrena/cursor-rules-java
Created
1 year ago
Last Updated
today
Language
Java
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

Code & Development Listed

java-secure-coding

Trigger: Java secure coding, Oracle Secure Coding Guidelines, input validation, trust boundaries, deserialization, least privilege, sensitive data. Review Java code for secure implementation practices.

0 Updated 1 week ago
andresnator
AI & Automation Solid

126-java-exception-handling

Use when you need to apply Java exception handling best practices — including using specific exception types, managing resources with try-with-resources, securing exception messages, preserving error context via exception chaining, validating inputs early with fail-fast principles, handling thread interruption correctly, documenting exceptions with @throws, enforcing logging policy, translating exceptions at API boundaries, managing retries and idempotency, enforcing timeouts, attaching suppressed exceptions, and propagating failures in async/reactive code. This should trigger for requests such as Exception handling; Use try-with-resources in Java code; Create exception chaining in Java code; Apply fail-fast validation in Java code. Part of cursor-rules-java project

393 Updated today
jabrena
Data & Documents Solid

144-java-data-oriented-programming

Use when you need to apply data-oriented programming best practices in Java — including separating code (behavior) from data structures using records, designing immutable data with pure transformation functions, keeping data flat and denormalized with ID-based references, starting with generic data structures converting to specific types when needed, ensuring data integrity through pure validation functions, and creating flexible generic data access layers. This should trigger for requests such as Improve the code with Data-Oriented Programming; Apply Data-Oriented Programming; Refactor the code with Data-Oriented Programming; Apply Data-Oriented Programming; Refactor the code with Data-Oriented Programming. Part of cursor-rules-java project

393 Updated today
jabrena
AI & Automation Solid

128-java-generics

Use when you need to review, improve, or refactor Java code for generics quality — including avoiding raw types, applying the PECS (Producer Extends Consumer Super) principle for wildcards, using bounded type parameters, designing effective generic methods, leveraging the diamond operator, understanding type erasure implications, handling generic inheritance correctly, preventing heap pollution with @SafeVarargs, and integrating generics with modern Java features like Records, sealed types, and pattern matching. This should trigger for requests such as Improve the code with Generics; Apply Generics; Refactor the code with Generics. Part of cursor-rules-java project

393 Updated today
jabrena
Code & Development Solid

141-java-refactoring-with-modern-features

Use when you need to refactor Java code to adopt modern Java features (Java 8+) — including migrating anonymous classes to lambdas, replacing Iterator loops with Stream API, adopting Optional for null safety, switching from legacy Date/Calendar to java.time, using collection factory methods, applying text blocks, var inference, or leveraging Java 25 features like flexible constructor bodies and module import declarations. This should trigger for requests such as Review Java code for modern Java development; Apply best practices for modern Java development in Java code. Part of cursor-rules-java project

393 Updated today
jabrena