Comment: Edited by sciSpider Java v3.0

According to the Java Language Specification [JLS 05], section 8.4.8.3 "Requirements in Overriding and Hiding":

The access modifier of an overriding or hiding method must provide at least as much access as the overridden or hidden method, or a compile-time error occurs.

...

Code Block
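class BadScope {
  // protected: callable only from subclasses and from the same package
  protected void doLogic() {
    System.out.println("Super invoked");
  }
}

public class Sub extends BadScope {
  // Overrides with public access, so any caller can now invoke it
  @Override
  public void doLogic() {
    System.out.println("Sub invoked");
    // Do sensitive operations
  }
}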

...

Code Block
class BadScope {
  protected final void doLogic() { // declare as final so subclasses cannot override it
    System.out.println("Super invoked");
    // Do sensitive operations
  }
}

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[JLS 05] Section 8.4.8.3, Requirements in Overriding and Hiding (http://java.sun.com/docs/books/jls/third_edition/html/classes.html#8.4.8.3)
[SCG 07] Guideline 1-1 Limit the accessibility of classes, interfaces, methods, and fields
[MITRE 09] CWE ID 487 (http://cwe.mitre.org/data/definitions/487.html) "Reliance on Package-level Scope"

...
