
Diagnostic tests can be incorporated into programs by using the assert statement. Assertions are primarily intended for use during debugging and are generally turned off before code is deployed by using the -disableassertions (or -da) java command-line option. Consequently, assertions should be used to protect against incorrect programmer assumptions and not for runtime error checking.

...

  • invalid user input (including command-line arguments and environment variables)
  • file errors (for example, errors opening, reading, or writing files)
  • network errors (including network protocol errors)
  • out-of-memory conditions (when the Java Virtual Machine [JVM] cannot allocate space for a new object and the garbage collector cannot make sufficient space available)
  • system resource exhaustion (for example, out-of-file descriptors, processes, threads)
  • system call errors (for example, errors executing files, locking or unlocking mutexes)
  • invalid permissions (for example, file, memory, user)

...

This noncompliant code example uses the assert statement to verify that input was available.

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;

public static String readLine() throws IOException {
  // Set up the BufferedReader br (standard input here)
  BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
  String line;
  // ...
  line = br.readLine();
  // Noncompliant: readLine() returns null at end of input, an ordinary runtime
  // condition. The assertion is a no-op unless the JVM was started with -ea,
  // so a null line flows on to the caller.
  assert line != null;
  return line;
}

Because input availability depends on the user and can be exhausted at any point during program execution, a robust program must be prepared to gracefully handle and recover from its exhaustion. Using the assert statement to verify that some significant input was available is therefore inappropriate: with assertions enabled it leads to an abrupt termination of the process, exposing a DoS vulnerability, and with assertions disabled the check is skipped entirely.

Compliant Solution

This compliant solution demonstrates the recommended way to detect and handle possible unavailability of input.

import java.io.BufferedReader;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStreamReader;

public static String readLine() throws IOException {
  // Set up the BufferedReader br (standard input here)
  BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
  String line;
  // ...
  line = br.readLine();
  if (line == null) {
    // handle error: input was exhausted; report it to the caller with an
    // exception instead of relying on an assertion that may be disabled
    throw new EOFException("unexpected end of input");
  }
  return line;
}
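The following self-contained program is an added example, not code from the CERT page, that puts the two patterns above side by side: the compliant check reports input exhaustion (one of the runtime error categories listed earlier) as an exception the caller can catch, while an assertion is reserved for a loop invariant that only a programming mistake could break. The class name, the readRequiredLine and readRecords helpers, and the two-line input string are constructed for this example, so it runs offline; run it once with java -ea and once without to see that the exception path behaves identically in both modes while the assertion path does not.

```java
import java.io.BufferedReader;
import java.io.EOFException;
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;

// Added example (not from the CERT page). Class and method names are constructed.
public class InputExhaustionDemo {

  // Runtime condition: the caller may be handed fewer lines than it expects.
  // Report that with an exception the caller can catch, never with an assertion.
  static String readRequiredLine(BufferedReader br) throws IOException {
    String line = br.readLine();
    if (line == null) {
      throw new EOFException("required input line missing");
    }
    return line;
  }

  // Reads exactly `count` lines; a short read surfaces as EOFException whether
  // or not the JVM was started with -ea.
  static List<String> readRecords(BufferedReader br, int count) throws IOException {
    List<String> records = new ArrayList<>();
    for (int i = 0; i < count; i++) {
      records.add(readRequiredLine(br));
    }
    // Programmer assumption, not a runtime condition: the loop above cannot
    // produce a list of any other size, so an assertion is the right tool here
    // (and costs nothing once assertions are disabled in deployment).
    assert records.size() == count : "readRecords loop invariant violated";
    return records;
  }

  public static void main(String[] args) throws IOException {
    String constructedInput = "alice\nbob\n"; // two lines; the caller expects three

    try (BufferedReader br = new BufferedReader(new StringReader(constructedInput))) {
      readRecords(br, 3);
    } catch (EOFException e) {
      // Reached with both -ea and -da: the check is ordinary control flow.
      System.out.println("recovered from exhausted input: " + e.getMessage());
    }

    // Same input through the noncompliant pattern. With assertions disabled (the
    // default) the null is never caught and later code fails with a
    // NullPointerException; with -ea the process would die with an AssertionError.
    try (BufferedReader br = new BufferedReader(new StringReader(constructedInput))) {
      br.readLine();
      br.readLine();
      String third = br.readLine();
      assert third != null; // no effect unless -ea
      System.out.println(third.length()); // NullPointerException when assertions are off
    } catch (NullPointerException e) {
      System.out.println("noncompliant pattern with -da: null reached later code");
    } catch (AssertionError e) {
      System.out.println("noncompliant pattern with -ea: abrupt AssertionError");
    }
  }
}
```

The first try block prints the recovery message regardless of JVM flags, which is the property the compliant solution relies on. The second block prints a different message depending on whether assertions are enabled, illustrating why a check whose presence depends on a launch flag cannot serve as runtime error handling.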

...