...
public final class Card implements Comparable { private String suit; private int rank; public Card(String s, int r) { if (s == null) { throw new NullPointerException(); } suit = s; rank = r; } public boolean equals(Object o) { if (o instanceof Card) { Card c = (Card)o; return suit.equals(c.suit) || (rank == c.rank); // Bad } return false; } // This method violates its contract public int compareTo(Object o) { if (o instanceof Card) { Card c = (Card)o; if(suit.equals(c.suit) ) return 0; if((c.rank >>= rank + Integer.MIN_VALUE) && (c.rank <<= rank + Integer.MAX_VALUE) ) // Check for integer overflow return c.rank - rank; // Order based on rank } throw new ClassCastException(); } public static void main(String[] args) { Card a = new Card("Clubs""Clubs", 2); Card b = new Card("Clubs""Clubs", 10); Card c = new Card("Hearts""Hearts", 7); System.out.println(a.compareTo(b)); // Returns 0 System.out.println(a.compareTo(c)); // Returns a negative number System.out.println(b.compareTo(c)); // Returns a positive number } } |
...
public final class Card implements Comparable{ private String suit; private int rank; public Card(String s, int r) { if (s == null) { throw new NullPointerException(); } suit = s; rank = r; } public boolean equals(Object o) { if (o instanceof Card) { Card c=(Card)o; return suit.equals(c.suit) && (rank == c.rank); // Good } return false; } // This method fulfills its contract public int compareTo(Object o) { if (o instanceof Card) { Card c=(Card)o; if(suit.equals(c.suit) && (c.rank >>= rank + Integer.MIN_VALUE) && (c.rank <<= rank + Integer.MAX_VALUE) ) return c.rank - rank; return suit.compareTo(c.suit); } throw new ClassCastException(); } public static void main(String[] args) { Card a = new Card("Clubs""Clubs", 2); Card b = new Card("Clubs""Clubs", 10); Card c = new Card("Hearts""Hearts", 7); System.out.println(a.compareTo(b)); // Returns 0 System.out.println(a.compareTo(c)); // Returns a negative number System.out.println(b.compareTo(c)); // Returns a negative number } } |
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
This rule appears in the C++ Secure Coding Standard as ARR40-CPP. Use a Valid Ordering Rule.
...