Comment: Changed to Applicability and updated the reference to Java 7

...

BufferedReader br;

// Set up the BufferedReader br

String line;

// ...

line = br.readLine();

if (line == null) {
  // handle error
}

...

Applicability

Assertions are a valuable diagnostic tool for finding and eliminating software defects that may result in vulnerabilities. The absence of assertions, however, does not mean that code is incorrect.
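To make the distinction concrete, here is an added example (not part of the guideline's own code) that contrasts a runtime check written as an `assert` with the explicit `readLine()` null check shown earlier, and with an assertion used for a purely logical invariant. The class name `AssertVsCheck` and its method names are hypothetical, and the empty input is constructed for the demonstration.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;

// Added example; class and method names are hypothetical.
public class AssertVsCheck {

    // Runtime check written as an assertion: skipped unless the JVM runs with -ea.
    static int lengthWithAssert(BufferedReader br) throws IOException {
        String line = br.readLine();
        assert line != null : "unexpected end of input";
        return line.length();   // NullPointerException here when assertions are off
    }

    // Same check as an ordinary conditional: always executed.
    static int lengthWithCheck(BufferedReader br) throws IOException {
        String line = br.readLine();
        if (line == null) {
            throw new IOException("unexpected end of input");
        }
        return line.length();
    }

    // Appropriate use: given 0 <= low <= high, only a coding error can break this.
    static int midpoint(int low, int high) {
        int mid = low + (high - low) / 2;
        assert low <= mid && mid <= high : "midpoint out of range";
        return mid;
    }

    public static void main(String[] args) throws IOException {
        boolean enabled = false;
        assert enabled = true;  // side effect runs only when assertions are enabled
        System.out.println("assertions enabled: " + enabled);

        try {
            lengthWithAssert(new BufferedReader(new StringReader("")));  // constructed empty input
        } catch (AssertionError | NullPointerException e) {
            System.out.println("assert version:  " + e.getClass().getSimpleName());
        }
        try {
            lengthWithCheck(new BufferedReader(new StringReader("")));
        } catch (IOException e) {
            System.out.println("checked version: " + e.getMessage());
        }
        System.out.println("midpoint(2, 10) = " + midpoint(2, 10));
    }
}
```

Run it once with `java AssertVsCheck` and once with `java -ea AssertVsCheck`: the assertion-based check only fires in the second run, while the explicit check reports the end of input in both.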

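| Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|-----------|----------|------------|------------------|----------|-------|
| MSC55-JG  | low      | unlikely   | high             | P1       | L3    |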

...

In general, the misuse of the assert statement for runtime checking rather than checking for logical errors cannot be detected automatically.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

C Secure Coding Standard: MSC11-C. Incorporate diagnostic tests using assertions

C++ Secure Coding Standard: MSC11-CPP. Incorporate diagnostic tests using assertions

Bibliography