Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This malicious BigInteger class is clearly mutable because of the setValue() method. Furthermore, the modPow() method is subject to precision loss. (See rules "NUM00-J. Detect or prevent integer overflow," "NUM11-J. Check floating-point inputs for exceptional values," "NUM15-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data," and "NUM17-J. Beware of precision loss when converting primitive integers to floating-point" for more information.) Any code that receives an object of this class and assumes that the object is immutable will have unexpected behavior. This is particularly important because the BigInteger.modPow() method has several useful cryptographic applications.

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b010e05315f27f47-30aa2f2d-432a489b-88c1a23f-212d80fab3e88e35843e4ccc"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

Class BigInteger

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="10ac38b585f66476-148968c8-487d4c37-b24b9432-ba546b4d233274ee707d1250"><ac:plain-text-body><![CDATA[

[[Bloch 2008

AA. Bibliography#Bloch 08]]

Item 1: "Consider static factory methods instead of constructors"

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="c3331e6b1e541579-8a010ef4-419440be-9027919d-33d972ebff59b2bf7bb44734"><ac:plain-text-body><![CDATA[

[[Gong 2003

AA. Bibliography#Gong 03]]

Chapter 6: "Enforcing Security Policy"

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1a78fa614ca38972-6bc41bbe-4b5e4aca-baf7a110-427e36cc394811a8d307c6f9"><ac:plain-text-body><![CDATA[

[[Lai 2008

AA. Bibliography#Lai 08]]

Java Insecurity: Accounting for Subtleties That Can Compromise Code

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="6df0f8c3c1fbe8ee-80f018f5-420442e1-922eb07f-fe8092439a475f4dd15ae677"><ac:plain-text-body><![CDATA[

[[McGraw 1999

AA. Bibliography#McGraw 99]]

Chapter Seven Rule 3: "Make Everything Final, Unless There's a Good Reason Not To"

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="02d49f4d864ccceb-07400073-42ac44bf-98ffafaa-a9a8d65c4818e8a027d5d4c4"><ac:plain-text-body><![CDATA[

[[SCG 2007

AA. Bibliography#SCG 07]]

Guideline 1-2 "Limit the extensibility of classes and methods"

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d86ae27d43fd2ccf-84ac8564-40f54955-97119767-ea65cecdb54c28171d2ae5c6"><ac:plain-text-body><![CDATA[

[[SCG 2009

AA. Bibliography#SCG 09]]

Secure Coding Guidelines for the Java Programming Language, version 3.0

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="de0823e6f7d73bda-982f3b05-4da04f93-83a7a9dd-e3dd25aaf2b144e55f9ade86"><ac:plain-text-body><![CDATA[

[[Ware 2008

AA. Bibliography#Ware 08]]

]]></ac:plain-text-body></ac:structured-macro>

...