Comment: Migrated to Confluence 4.0

...

To better distinguish correct from erroneous results, and to ensure that incorrect results are handled carefully, a combination of the aforementioned approaches is recommended. In some cases, an error value should be returned instead of an exception, and vice versa. For instance, if a method can fail in a variety of ways, it is better to return failure codes than to throw scores of different exceptions. Note that no possible failure code should fall within the range of valid return values.

Sometimes a state-testing method [Bloch 2008] can be used to ensure that the object is in a consistent state at all points in time. This approach is not useful in the absence of external synchronization. There is also a time-of-check, time-of-use (TOCTOU) race condition between invocation of the object's state-testing method and the call to a method that depends on the object's state. During this interval, the object's state could change surreptitiously.

A method should not return a value or error code that does not accurately specify the object state. Clients should be able to rely on the value when making critical decisions.
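The following Java sketch is an added example, not code from the guideline. It contrasts a state-testing method and an in-band error code with a single atomic call that reports failure out of band. The `TokenPool` class and all of its method names are hypothetical.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Optional;

// Hypothetical class for illustration; not taken from the guideline.
final class TokenPool {
    private final Deque<Integer> tokens = new ArrayDeque<>();

    synchronized void add(int token) { tokens.push(token); }

    // State-testing method: the answer can be stale as soon as it is returned.
    synchronized boolean hasToken() { return !tokens.isEmpty(); }

    // State-dependent method: throws NoSuchElementException if the pool is empty.
    synchronized int take() { return tokens.pop(); }

    // In-band indicator: -1 means "empty", but -1 is also a value add() accepts,
    // so the caller cannot tell a failure from a stored token.
    synchronized int takeOrMinusOne() { return tokens.isEmpty() ? -1 : tokens.pop(); }

    // Check and use happen in one critical section; "empty" is reported out of band.
    synchronized Optional<Integer> tryTake() {
        return tokens.isEmpty() ? Optional.empty() : Optional.of(tokens.pop());
    }
}

public class StateTestDemo {
    public static void main(String[] args) {
        TokenPool pool = new TokenPool();
        pool.add(-1);   // a legitimate token that collides with the error code

        // Racy pattern: each method is synchronized, but the lock is released
        // between the two calls, so another thread may empty the pool in between.
        // It is only safe if the caller holds the pool's lock across both calls.
        if (pool.hasToken()) {
            System.out.println("took " + pool.take());
        }

        // The pool is now empty, yet the result looks like the token taken above.
        System.out.println("in-band result on empty pool: " + pool.takeOrMinusOne());

        pool.add(7);
        // Atomic pattern: the returned value itself carries the object state.
        System.out.println(pool.tryTake().map(t -> "took " + t).orElse("pool empty"));
        System.out.println(pool.tryTake().map(t -> "took " + t).orElse("pool empty"));
    }
}
```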

...

| Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MET09-J | medium | probable | medium | P8 | L2 |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

...

This guideline is similar to the C Secure Coding Standard recommendation "ERR02-C. Avoid in-band error indicators" and to the C++ Secure Coding Standard recommendation "ERR02-CPP. Avoid in-band error indicators."

Bibliography

[Ware 2008]
[MITRE 2009] CWE ID 393, "Return of Wrong Status Code," and CWE ID 389, "Error Conditions, Return Values, Status Codes"

...
