| Wiki Markup |
|---|
According to the _Java Language Specification_, \[[JLS 2005|AA. Bibliography#JLS 05]\], §12.5, "Creation of New Class Instances,"] \[[JLS 2005|AA. Bibliography#JLS 05]\]: |
Unlike C++, the Java programming language does not specify altered rules for method dispatch during the creation of a new class instance. If methods are invoked that are overridden in subclasses in the object being initialized, then these overriding methods are used, even before the new object is completely initialized.
Invocation of an overridable method during object construction may result in the use of uninitialized data, leading to runtime exceptions or to unanticipated outcomes. Calling overridable methods from constructors can also leak the this reference before object construction is complete, potentially exposing uninitialized or inconsistent data to other threads. See rule TSM01-J. Do not let the (this) reference escape during object construction for additional information. As a result, constructors must not invoke only methods that are not final or private.
Noncompliant Code Example
...
| Code Block | ||
|---|---|---|
| ||
class SuperClass {
public SuperClass () {
doLogic();
}
public void doLogic() {
System.out.println("This is superclass!");
}
}
class SubClass extends SuperClass {
private String color = null;
public SubClass() {
super();
color = "Red";
}
public void doLogic() {
// Color becomes null
System.out.println("This is subclass! The color is :" + color);
// ...
}
}
public class Overridable {
public static void main(String[] args) {
SuperClass bc = new SuperClass();
// Prints "This is superclass!"
SuperClass sc = new SubClass();
// Prints "This is subclass! The color is :null"
}
}
|
...
Allowing a constructor to call overridable methods may give can provide an attacker with access to the this reference before an object is fully initialized, which in turn could lead to a vulnerability.
...
Automated detection of constructors that contain invocations of overridable methods appears to be is straightforward.
Related Guidelines
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="88955eba1ec5d8ba-1e274fea-41aa4edb-81b39ace-4d7812e46900978e99c9260f"><ac:plain-text-body><![CDATA[ | [ISO/IEC TR 24772:2010 | http://www.aitcnet.org/isai/] | " Inheritance [RIP] " | ]]></ac:plain-text-body></ac:structured-macro> |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="094b74d6012f14a3-414af9af-470e4468-aacab52b-cff62582ddc117c54aa3ad9d"><ac:plain-text-body><![CDATA[ | [[ESA 2005 | AA. Bibliography#ESA 05]] | Rule 62: Do not call non-final nonfinal methods from within a constructor | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="026f917cccb06999-495a6206-43404d99-9c6b92e4-2655f96756c4696420da951d"><ac:plain-text-body><![CDATA[ | [[JLS 2005 | AA. Bibliography#JLS 05]] | [Chapter 8, Classes | http://java.sun.com/docs/books/jls/third_edition/html/classes.html], §12.5 " Creation of New Class Instances " | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="69a2947a2e283343-ea18ea11-4e1c4ad1-b053a3ba-896789ce8d8f2dd42d53cf0a"><ac:plain-text-body><![CDATA[ | [[Rogue 2000 | AA. Bibliography#Rogue 00]] | Rule 81: . Do not call non-final methods from within a constructor | ]]></ac:plain-text-body></ac:structured-macro> | |
Secure Coding Guidelines for the Java Programming Language, Version 3.0 | Guideline 4-4. Prevent constructors from calling methods that can be overridden |
...