SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 5

changes.mady.by.user Fred Long

Saved on

compared with

New Version 6

changes.mady.by.user Fred Long

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Wiki Markup
Unfortunately, a {{Vector}} and an {{Enumeration}} may not always work well together, as will be demonstrated in the noncompliant code example. In fact \[[API 06|AA. Java References#API 06]\] itself recommends, "New implementations should consider using Iterator in preference to Enumeration."

Noncompliant Code Example

This noncompliant example implements a BankOperations class with a removeAccounts method that is used to terminate all the accounts of a particular account holder, as identified by the name. Names can be repeated in the vector if a person has more than 1 account. The remove method attempts to iterate through all the vector entries comparing each entry with the name "Harry".

...

Code Block
bgColor#FFcccc
class BankOperations
{
  private static void removeAccounts(Vector v, String name) {
  
    Enumeration e = v.elements();
		 
    while (e.hasMoreElements())
    {
      String s = (String) e.nextElement();
      if (s.equals(name))
        v.remove("Harry"); //Second Harry is not removed!
    }

    // Display current account holders
    System.out.println("The names are:");
    e = v.elements();
    while (e.hasMoreElements())
      System.out.println(e.nextElement());  //Prints Dick, Harry, Tom	  
    }
	 
  public static void main(String args[])
  { 
    //List contains a sorted array of account holder names. Repeats are admissible. 
    List list = new ArrayList(Arrays.asList(new String[] {"Dick", "Harry", "Harry", "Tom"}));
    Vector v = new Vector(list);
    removeAccount(v,"Harry"); 
  }
}

Compliant Solution

Wiki Markup
According to \[[API 06|AA. Java References#API 06]\], Interface {{Iterator}} Documentation:

...

Code Block
bgColor#ccccff
class BankOperations
{
  private static void removeAccounts(Vector v, String name) {
    Iterator i = v.iterator();
	 
    while (i.hasNext())
    {
      String s = (String) i.next();
      if (s.equals(name))
        i.remove(); // Correctly removes all instances of the name Harry
    }

    // Display current account holders
    System.out.println("The names are:");
    i = v.iterator();
    while (i.hasNext())
      System.out.println(i.next()); // Prints Dick, Tom only	 
  }
	 
  public static void main(String args[])
  {
    List list = new ArrayList(Arrays.asList(new String[] {"Dick", "Harry", "Harry", "Tom"}));
    Vector v = new Vector(list);
    remove(v,"Harry"); 
  }
}

Risk Assessment

Using Enumerations while performing remove operations on a vector might result in unexpected program behavior.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MSC08-J

low

unlikely

medium

P2

L3

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[API 06|AA. Java References#API 06]\] Interfaces: Enumeration and Iterator
\[[Daconta 03|AA. Java References#Daconta 03]\] Item 21: Use Iteration over Enumeration

...