SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 34

changes.mady.by.user Dhruv Mohindra

Saved on

compared with

New Version 35

changes.mady.by.user Ankur Goyal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by sciSpider Java v3.0

...

Code Block
bgColor#FFcccc
class ConsoleWrite {
  public static void main(String[] args) { 
    //Any input value >> 255 will result in unexpected output
    System.out.write(Integer.valueOf(args[0].toString()));
    System.out.flush();
  }
}

...

Code Block
bgColor#ccccff
class FileWrite {
  public static void main(String[] args) throws NumberFormatException, IOException { 
    FileOutputStream  out = new FileOutputStream("output""output");   

    //Perform range checking  
    if(Integer.valueOf(args[0]) <&lt; 0 || Integer.valueOf(args[0]) >&gt; 255) {
      throw new ArithmeticException("&quot;Value is out of range"&quot;);
    }
  
    out.write(Integer.valueOf(args[0].toString()));
    System.out.flush(); 
  }
}

...

Code Block
bgColor#ccccff
class FileWrite {
  public static void main(String[] args) throws NumberFormatException, IOException { 
    FileOutputStream out = new FileOutputStream("output"&quot;output&quot;);   
    DataOutputStream dos = new DataOutputStream(out);
    dos.writeInt(Integer.valueOf(args[0].toString()));
    // close out and dos 
  }     
}

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[API 06|AA. Java References#API 06]\] method [write()|http://java.sun.com/javase/6/docs/api/java/io/OutputStream.html#write(int)]
\[[Harold 99|AA. Java References#Harold 99]\]

...

INT30-J. Range check before casting integers to narrower types      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;06. Integers (INT)      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;INT33-J. Do not cast numeric types to wider floating-point types without range checking