Comment: Edited by sciSpider Java v3.0

...

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

class Modifiable {
  private List<Integer> list = new ArrayList<Integer>();

  public void listIt() {
    addSomething(list);
    // ...
  }

  private void addSomething(Collection<Integer> collection) {
    collection.add(1); // mutates the private list through the passed reference
  }
}
```

...

```java
// ...
public void listIt() {
  addSomething(Collections.unmodifiableCollection(list));
  // ...
}

private void addSomething(Collection<Integer> collection) {
  collection.add(1); // throws java.lang.UnsupportedOperationException
}
```
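
An added example (not part of the original rule's code) showing two properties of the wrapper used above: it is a read-only view rather than a copy, so the owner's later changes remain visible through it, and only a wrapped defensive copy is isolated from them. The class name `UnmodifiableViewDemo` and the helper `tryAdd` are hypothetical.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;

// Hypothetical demo class; names are illustrative, not from the original page.
public class UnmodifiableViewDemo {
  private final List<Integer> list = new ArrayList<Integer>();

  // Stands in for code that should only read the collection.
  private static boolean tryAdd(Collection<Integer> collection) {
    try {
      collection.add(1);
      return true;   // mutation succeeded
    } catch (UnsupportedOperationException e) {
      return false;  // the wrapper rejected the write
    }
  }

  public static void main(String[] args) {
    UnmodifiableViewDemo demo = new UnmodifiableViewDemo();
    demo.list.add(10);

    // Read-only view: a write through it fails and the backing list is untouched.
    Collection<Integer> view = Collections.unmodifiableCollection(demo.list);
    System.out.println("write via view accepted: " + tryAdd(view));
    System.out.println("backing list: " + demo.list);

    // The view is not a snapshot: the owner's later changes show through it.
    demo.list.add(20);
    System.out.println("view after owner add: " + view);

    // A wrapped defensive copy is isolated from later changes to the original.
    Collection<Integer> snapshot =
        Collections.unmodifiableCollection(new ArrayList<Integer>(demo.list));
    demo.list.add(30);
    System.out.println("snapshot after owner add: " + snapshot);

    // Passing the raw reference still lets the callee change private state.
    System.out.println("write via raw list accepted: " + tryAdd(demo.list));
    System.out.println("backing list: " + demo.list);
  }
}
```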

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[Tutorials 08] Unmodifiable Wrappers, http://java.sun.com/docs/books/tutorial/collections/implementations/wrapper.html

...
