Java 1.5 supports enumerated types. These enums look just like their C and C++ counterparts, but in the Java programming language enums are far more powerful than their counterparts in other languages, which are little more than glorified integers. In Java, all enums have an ordinal() method, which returns the numerical position of each enum constant in its class declaration.

The Java Language Specification, Section 8.9, "Enums", does not specify the use of ordinal() in programs. Improper use of the ordinal() method in program logic can cause errors in programs.

According to the Java API [API 2006], ordinal() is defined as:

public final int ordinal()

returns the ordinal of the enumeration constant (its position in its enum declaration, where the initial constant is assigned an ordinal of zero). Most programmers will have no use for this method. It is designed for use by sophisticated enum-based data structures, such as EnumSet and EnumMap.

The API thus defines ordinal() as a helper function for the sophisticated enum-based data structures EnumSet and EnumMap. Poor understanding of ordinal() can cause programs to behave erroneously.

Noncompliant Code Example

...

This noncompliant code example declares enum HydroCarbon and uses its ordinal() method to provide the result of the getNumberOfCarbons() method.

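enum HydroCarbon {
    METHANE, ETHANE, PROPANE, BUTANE, PENTANE,
    HEXANE, HEPTANE, OCTANE, NONANE, DECANE;

    // Noncompliant: the value depends on the declaration order of the constants
    public int getNumberOfCarbons() {
        return ordinal() + 1;
    }
}

public class TestHC {
    // Assumed lookup table, not shown on the original page: hydrogen counts for 1 to 10 carbons
    static final int[] NumberOfHydrogen = {4, 6, 8, 10, 12, 14, 16, 18, 20, 22};

    public static void main(String[] args) {
        /* ... */
        HydroCarbon hc = HydroCarbon.HEXANE;
        int index = hc.getNumberOfCarbons();
        int noHyd = NumberOfHydrogen[index]; // Can cause ArrayIndexOutOfBoundsException
    }
}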

While the enum code above generally works, its maintenance is susceptible to vulnerabilities. If the enum constants are reordered, the getNumberOfCarbons() method does not return correct values. Also, if BENZENE, with 6 carbons, is added to the enum, it cannot be added without violating the current enum design.

Compliant Solution

In this compliant solution, we explicitly associate enum constants with corresponding integer values.

enum HydroCarbon {
    METHANE(1), ETHANE(2), PROPANE(3), BUTANE(4), PENTANE(5),
    HEXANE(6), BENZENE(6), HEPTANE(7), OCTANE(8), NONANE(9), DECANE(10);

    // Stored explicitly, so the value is independent of declaration order
    private final int numberOfCarbons;

    HydroCarbon(int carbons) { this.numberOfCarbons = carbons; }

    public int getNumberOfCarbons() {
        return numberOfCarbons;
    }
}
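
The following added example (not part of the original rule's code) contrasts the ordinal-derived value with the explicit field once BENZENE is inserted, and replaces the int-indexed array lookup with an EnumMap keyed by the constant. The class OrdinalDrift and the methods carbonsFromOrdinal() and hydrogenTable() are hypothetical names; the hydrogen counts are constructed from the alkane formula CnH(2n+2), with benzene as C6H6.

```java
import java.util.EnumMap;
import java.util.Map;

public class OrdinalDrift {
    // The page's enum after BENZENE is inserted next to HEXANE, with explicit carbon counts.
    enum HydroCarbon {
        METHANE(1), ETHANE(2), PROPANE(3), BUTANE(4), PENTANE(5),
        HEXANE(6), BENZENE(6), HEPTANE(7), OCTANE(8), NONANE(9), DECANE(10);

        private final int numberOfCarbons;

        HydroCarbon(int carbons) { this.numberOfCarbons = carbons; }

        int getNumberOfCarbons() { return numberOfCarbons; }

        // The noncompliant derivation, kept here only for comparison.
        int carbonsFromOrdinal() { return ordinal() + 1; }
    }

    // Hypothetical hydrogen table keyed by constant instead of by an int index,
    // so no lookup can run past the end of an array.
    static Map<HydroCarbon, Integer> hydrogenTable() {
        Map<HydroCarbon, Integer> table = new EnumMap<>(HydroCarbon.class);
        for (HydroCarbon hc : HydroCarbon.values()) {
            // Alkanes are CnH(2n+2); benzene (C6H6) is the exception in this list.
            int n = hc.getNumberOfCarbons();
            table.put(hc, hc == HydroCarbon.BENZENE ? 6 : 2 * n + 2);
        }
        return table;
    }

    public static void main(String[] args) {
        Map<HydroCarbon, Integer> hydrogens = hydrogenTable();
        for (HydroCarbon hc : HydroCarbon.values()) {
            // Every constant declared after the insertion point drifts by one.
            boolean drifted = hc.carbonsFromOrdinal() != hc.getNumberOfCarbons();
            System.out.printf("%-8s field=%2d ordinal+1=%2d H=%2d%s%n",
                    hc, hc.getNumberOfCarbons(), hc.carbonsFromOrdinal(),
                    hydrogens.get(hc), drifted ? "  <-- ordinal drift" : "");
        }
    }
}
```

Using ordinal() + 1 as an index into a 10-element array would also overflow for DECANE after the insertion, which the EnumMap lookup avoids.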

Risk Assessment

Use of ordinals to derive integer values reduces the program's maintainability and leads to errors in the program.

...

C Secure Coding Standard: INT09-C. Ensure enumeration constants map to unique values
C++ Secure Coding Standard: INT09-CPP. Ensure enumeration constants map to unique values

...