SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 23

changes.mady.by.user Fred Long

Saved on

compared with

New Version 24

changes.mady.by.user Fred Long

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0
Warning
titleEliminated Guideline

This guideline has been labeled void and designated for future elimination from the Cert Oracle Secure Coding Standard for Java. This guideline has not been erased yet in case it contains information that might still be useful.

...

Code Block
bgColor#FFCCCC
public static final SomeType [] SOMETHINGS = { ... };

Wiki MarkupWith this declaration, {{SOMETHINGS\[1\]}}, etc. can be modified by clients of the code.

Compliant Solution

One approach is to have a private array and a public method that returns a copy of the array:

...

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

References

Wiki Markup\[[JLS 2006|AA. References#JLS 06] \] Section 6.6, Access Control \[
[Bloch 2008|AA. References#Bloch 08]\] Item 13: Minimize the accessibility of classes and members

...

SEC36-J. Ensure that the bytecode verifier is applied to all involved code upon any modification      09. Platform Security (SEC)      01. Declarations and Initialization (DCL)