SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 44

changes.mady.by.user Shannon Haas

Saved on

compared with

New Version 45

changes.mady.by.user Fred Long

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Wiki Markup
Unfortunately, a {{Vector}} and an {{Enumeration}} may not always work well together. In fact, the Java API \[java:[API 2006|AA. Bibliography#API 06]\] recommends, "New implementations should consider using {{Iterator}} in preference to {{Enumeration}}."

Noncompliant Code Example

This noncompliant code example implements a BankOperations class with a removeAccounts() method used to terminate all the accounts of a particular account holder, as identified by the name. Names can be repeated in the vector if a person has more than one account. The remove() method attempts to iterate through all the vector entries comparing each entry with the name "Harry".

...

Upon encountering the first "Harry", it successfully removes the entry and the size of the vector diminishes to three. However, the index of the Enumeration does not decrease by one, causing the program to use "Tom" for the next (now final) comparison. As a result, the second "Harry" continues to remain in the vector unscathed, having shifted to the second position in the vector.

Compliant Solution

Wiki Markup
According to the Java API \[java:[API 2006|AA. Bibliography#API 06]\], interface {{Iterator}} documentation

...

Code Block
bgColor#ccccff
class BankOperations {
  private static void removeAccounts(Vector v, String name) {
    Iterator i = v.iterator();
	 
    while (i.hasNext()) {
      String s = (String) i.next();
      if (s.equals(name)) {
        i.remove(); // Correctly removes all instances of the name Harry
      }
    }

    // Display current account holders
    System.out.println("The names are:");
    i = v.iterator();
    while (i.hasNext()) {
      System.out.println(i.next()); // Prints Dick, Tom only	 
    }
  }
	 
  public static void main(String args[]) {
    List list = new ArrayList(Arrays.asList(
      new String[] {"Dick", "Harry", "Harry", "Tom"}));
    Vector v = new Vector(list);
    remove(v, "Harry"); 
  }
}

Risk Assessment

Using Enumerations when performing remove operations on a vector may cause unexpected program behavior.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MSC12-J

low

unlikely

medium

P2

L3

Automated Detection

The Coverity Prevent Version 5.0 ITERATOR checker can detect the instance where next() or previous() on an iterator is called that may not have a next or previous element.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

Wiki Markup
\[java:[API 2006|AA. Bibliography#API 06]\] Interfaces: Enumeration and Iterator
\[java:[Daconta 2003|AA. Bibliography#Daconta 03]\] Item 21: Use Iteration over Enumeration

...