...

Noncompliant Code Example

```java
// Determine whether object auth has the required/expected class name
if (auth.getClass().getName().equals(
      "com.application.auth.DefaultAuthenticationHandler")) {
  // ...
}
```

Comparing fully qualified class names is insufficient because distinct class loaders can load differing classes with identical fully qualified names into a single JVM.

...

This compliant solution compares the class object of auth to the class object that the current class loader loads for that name, instead of comparing only the class names.

```java
// Determine whether object auth has the required/expected class
if (auth.getClass() == this.getClass().getClassLoader().loadClass(
      "com.application.auth.DefaultAuthenticationHandler")) {
  // ...
}
```

The call to loadClass() returns the class with the specified name in the current name space (consisting of the class name and the defining class loader), and the comparison is correctly performed on the two class objects.

...

Noncompliant Code Example

```java
// Determine whether objects x and y have the same class name
if (x.getClass().getName().equals(y.getClass().getName())) {
  // Code assumes that the objects have the same class
}
```

Compliant Solution

...

```java
// Determine whether objects x and y have the same class
if (x.getClass() == y.getClass()) {
  // Code assumes that the objects have the same class
}
```

Risk Assessment

...


...