...
This malicious BigInteger class is clearly mutable because of the setValue() method. Furthermore, the modPow() method is subject to precision loss. (See rules "NUM00-J. Detect or prevent integer overflow," "NUM11-J. Check floating-point inputs for exceptional values," "NUM15-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data," and "NUM17-J. Beware of precision loss when converting primitive integers to floating-point" for more information.) Any code that receives an object of this class and assumes that the object is immutable will have unexpected behavior. This is particularly important because the BigInteger.modPow() method has several useful cryptographic applications.
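As an added example (not code from the CERT page), the following Java helper shows how code that consumes a BigInteger can protect itself from the hazard described above: it accepts an argument only if its runtime class is exactly java.math.BigInteger, so an instance of a subclass that adds mutable state or overrides modPow() is rejected before it reaches any arithmetic. The class names TrustedBigInteger and Subclassed are assumptions introduced for this example; the subclass exists only to exercise the check.

```java
import java.math.BigInteger;

public final class TrustedBigInteger {

    private TrustedBigInteger() {}

    // Accept a BigInteger only if it is the JDK's own class, not a subclass.
    // A subclass may carry mutable state (a setValue()-style method) or override
    // modPow(), so its behaviour cannot be assumed to match BigInteger's.
    // Rejecting is preferred over copying via new BigInteger(value.toByteArray()):
    // toByteArray() is itself an overridable public method, so a copy built from
    // it would still trust code supplied by the subclass.
    static BigInteger requireTrusted(BigInteger value) {
        if (value == null) {
            throw new NullPointerException("value");
        }
        if (value.getClass() != BigInteger.class) {
            throw new IllegalArgumentException(
                "BigInteger subclass not accepted: " + value.getClass().getName());
        }
        return value;
    }

    // Modular exponentiation that only ever dispatches to the JDK implementation,
    // because every operand has been vetted by requireTrusted().
    static BigInteger modPow(BigInteger base, BigInteger exponent, BigInteger modulus) {
        BigInteger b = requireTrusted(base);
        BigInteger e = requireTrusted(exponent);
        BigInteger m = requireTrusted(modulus);
        return b.modPow(e, m);
    }

    // Hypothetical subclass used solely to demonstrate that the check fires.
    // It adds no behaviour; the point is that its runtime class is not BigInteger.
    static final class Subclassed extends BigInteger {
        Subclassed(String decimal) {
            super(decimal);
        }
    }

    public static void main(String[] args) {
        // Constructed sample values: 4^13 mod 497 == 445
        BigInteger base = new BigInteger("4");
        BigInteger exp = new BigInteger("13");
        BigInteger mod = new BigInteger("497");
        System.out.println("trusted result: " + modPow(base, exp, mod));

        try {
            modPow(new Subclassed("4"), exp, mod);
            System.out.println("unexpected: subclass was accepted");
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected as expected: " + ex.getMessage());
        }
    }
}
```

The getClass() comparison is deliberately an exact match rather than an instanceof test, since instanceof would be satisfied by precisely the subclasses the check is meant to exclude.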
...
...