SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 18

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 19

changes.mady.by.user Fred Long

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Changed to Applicability and corrected a reference

...

This proposed rewrite is provided by http://www.aeroxp.org/2009/01/lesson-on-infinite-loops "A lesson on infinite loops". The loop is guaranteed to exit, as days decreases for each iteration of the loop, unless the while condition fails, and the loop terminates.

...

This compliant solution is for illustrative purposes and is not necessarily the solution implemented by Microsoft.

...

Applicability

Failing to take into account all possibilities within a logic statement can lead to a corrupted running state, potentially resulting in unintentional information disclosure or abnormal termination.

...

Guideline

...

Severity

...

Likelihood

...

Remediation Cost

...

Priority

...

Level

...

MSC60-JG

...

medium

...

probable

...

...

P8

...

L2

Automated Detection

Related

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines 

C Secure Coding Standard: MSC01-C. Strive for logical completeness

C++ Secure Coding Standard: MSC01-CPP. Strive for logical completeness

ISO/IEC TR 24772 "CLL Switch Statements and Static Analysis"

...

[Hatton 1995] Section 2.7.2, "Errors of Omission and Addition"
[Viega 2005] Section 5.2.17, "Failure to Account for Default Case in Switch"
[http://www.aeroxp.org/2009/01/lesson-on-infinite-loopsZadegan 2009] for analysis on the Zune 30 bug

...