The definitions of two constant expressions should be related when, and only when, the values they express are also related.
Noncompliant Code Example
In this noncompliant code example, OUT_STR_LEN
must always be exactly two greater than IN_STR_LEN
. These definitions fail to reflect this requirement:
Code Block | ||
---|---|---|
| ||
public static final int IN_STR_LEN = 18; public static final int OUT_STR_LEN = 12; |
Compliant Solution
In this compliant solution, the relationship between the two values is represented in the definitions:
Code Block | ||
---|---|---|
| ||
public static final int IN_STR_LEN = 18; public static final int OUT_STR_LEN = IN_STR_LEN + 2; |
Noncompliant Code Example
In this noncompliant code example, there appears to be an underlying relationship between the two constants where none exists.
...
A programmer performing routine maintenance may modify the definition for ADULT_AGE
but fail to recognize the resulting change in the definition for ALCOHOL_AGE
.
Compliant Solution
In this compliant solution, the definitions reflect the independence of the two constants.
Code Block | ||
---|---|---|
| ||
public static final int ADULT_AGE = 18; public static final int ALCOHOL_AGE = 21; |
Risk Assessment
Failure to properly encode relationships in constant declarations can lead to unexpected values and can complicate maintenance.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DCL03-J | low | unlikely | high | P1 | L3 |
Automated Detection
Automated detection is not currently feasible.
Related Guidelines
C Secure Coding Standard: "DCL08-C. Properly encode relationships in constant definitions"
C++ Secure Coding Standard: "DCL08-CPP. Properly encode relationships in constant definitions"
Bibliography
Wiki Markup |
---|
\[[JLS 2005|AA. Bibliography#JLS 05]\] [§4.12.4, "{{final}} Variables"|http://java.sun.com/docs/books/jls/third_edition/html/typesValues.html#4.12.4] |
...