SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 25

changes.mady.by.user Robert Seacord (Manager)

Saved on

compared with

New Version 26

changes.mady.by.user Robert Seacord (Manager)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: minor edits

...

Code Block
bgColor#FFcccc
public void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {  // Check if file can be read
      sm.checkRead("/temp/tempFile");
    } 
    // Access the file
  } catch (SecurityException se) { 
    // Log exception  
  }
}

...

This compliant solution prohibits inheritance of the readSensitiveFile() method by declaring it as final.

Code Block
bgColor#ccccff
public final void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {  // check if file can be read
      sm.checkRead("/temp/tempFile");
    } 
    // Access the file
  } catch (SecurityException se) { 
    // Log exception 
  }
}

...

This compliant solution prohibits inheritance of the readSensitiveFile() method by declaring it private.

Code Block
bgColor#ccccff
private void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {  // check if file can be read
      ...sm.checkRead("/temp/tempFile");
    } 
    // Access the file
  } catch (SecurityException se) { 
    // Log exception 
  }
}

Exceptions

MET03-EX1EX0: Classes that are declared final are exempt from this guideline as they imply that the contained methods cannot be overridden.

...

Failing to declare a non-final class's method private or final can allow a subclass to omit circumvent the security checks defined performed in the methods.

Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

MET03-J

medium

probable

medium

P8

L2

...