Comment: Reverted from v. 39

...

Code Block
bgColor#FFCCCC
public final class Card implements Comparable {
  private String suit;
  private int rank;

  public Card(String s, int r) {
    if (s == null) {
      throw new NullPointerException();
    }
    suit = s;
    rank = r;
  }

  public boolean equals(Object o) {
    if (o instanceof Card) {
      Card c = (Card)o;
      return suit.equals(c.suit) || (rank == c.rank); // Bad
    }
    return false;
  }

  // This method violates its contract
  public int compareTo(Object o) {
    if (o instanceof Card) {
      Card c = (Card)o;
      if(suit.equals(c.suit) ) 
        return 0;
      if((c.rank >= rank + Integer.MIN_VALUE) && 
          (c.rank <= rank + Integer.MAX_VALUE) )
        // Check for integer overflow
        return c.rank - rank; // Order based on rank
    }
    throw new ClassCastException();
  }

  public static void main(String[] args) {
    Card a = new Card("Clubs", 2);
    Card b = new Card("Clubs", 10);
    Card c = new Card("Hearts", 7);
    System.out.println(a.compareTo(b)); // Returns 0
    System.out.println(a.compareTo(c)); // Returns a negative number
    System.out.println(b.compareTo(c)); // Returns a positive number
  }
}

...

Code Block
bgColor#ccccff
public final class Card implements Comparable{
  private String suit;
  private int rank;

  public Card(String s, int r) {
    if (s == null) {
      throw new NullPointerException();
    }
    suit = s;
    rank = r;
  }

  public boolean equals(Object o) {
    if (o instanceof Card) {
      Card c=(Card)o;
      return suit.equals(c.suit) &amp;&amp; (rank == c.rank); // Good
    }
    return false;
  }

  // This method fulfills its contract
  public int compareTo(Object o) {
    if (o instanceof Card) {
      Card c=(Card)o;
      if(suit.equals(c.suit) &amp;&amp;
          (c.rank >= rank + Integer.MIN_VALUE) &amp;&amp;
          (c.rank <= rank + Integer.MAX_VALUE) ) 
        return c.rank - rank;
      return suit.compareTo(c.suit);
    }
    throw new ClassCastException();
  }

  public static void main(String[] args) {
    Card a = new Card("Clubs", 2);
    Card b = new Card("Clubs", 10);
    Card c = new Card("Hearts", 7);
    System.out.println(a.compareTo(b)); // Returns 0
    System.out.println(a.compareTo(c)); // Returns a negative number
    System.out.println(b.compareTo(c)); // Returns a negative number
  }
}

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

This rule appears in the C++ Secure Coding Standard as ARR40-CPP. Use a Valid Ordering Rule.

...