...
According to the Java Language Specification [JLS 05] section 6.3.2 "Obscured Declarations":

A simple name may occur in contexts where it may potentially be interpreted as the name of a variable, a type or a package. In these situations, the rules of §6.5 specify that a variable will be chosen in preference to a type, and that a type will be chosen in preference to a package.
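The variable-over-type preference quoted above, shown as an added example that is not code from the original page. The names `ObscuredNames`, `Recorder` and `Holder` are made up for this illustration.

```java
public class ObscuredNames {

    // Hypothetical stand-in for an output stream: it records text
    // instead of writing it to the console.
    static class Recorder {
        final StringBuilder log = new StringBuilder();

        void println(String s) {
            log.append("recorded: ").append(s).append('\n');
        }
    }

    // Hypothetical holder exposing a member named "out", like java.lang.System.
    static class Holder {
        final Recorder out = new Recorder();
    }

    // A field whose simple name is the same as the type java.lang.System.
    // Inside this class the simple name "System" could mean either one.
    static final Holder System = new Holder();

    public static void main(String[] args) {
        // JLS 6.3.2: the variable is chosen in preference to the type, so
        // this call reaches Recorder.println and nothing goes to the console.
        System.out.println("audit event");

        // The fully qualified name still reaches the real class. A reviewer
        // reading only the call above could not tell the two apart.
        java.lang.System.out.println("captured -> " + System.out.log);
    }
}
```

The code compiles without error, so the redirected call is easy to miss in review unless the obscuring declaration is in view.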
...
```java
class Vector {
    private int val = 1;

    public boolean isEmpty() {
        if (val == 1) { // compares with 1 instead of 0
            return true;
        } else {
            return false;
        }
    }
    // other functionality is same as java.util.Vector
}

// import java.util.Vector; omitted
public class VectorUser {
    public static void main(String[] args) {
        Vector v = new Vector(); // resolves to the class above, not java.util.Vector
        if (v.isEmpty()) {
            System.out.println("Vector is empty");
        }
    }
}
```
Compliant Solution
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
This rule appears in the C Secure Coding Standard as DCL01-C. Do not reuse variable names in subscopes.
...
[JLS 05] 6.3.2 "Obscured Declarations", 6.3.1 "Shadowing Declarations", 14.4.3 "Shadowing of Names by Local Variables"

[Bloch 08] Puzzle 67: All Strung Out

[Kabanov 09]

[Conventions 09] 6.3 Placement

[FindBugs 08]: Nm: Class names shouldn't shadow simple name of implemented interface; Nm: Class names shouldn't shadow simple name of superclass; MF: Class defines field that masks a superclass field; MF: Method defines a variable that obscures a field
...