SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 50

changes.mady.by.user Dhruv Mohindra

Saved on

compared with

New Version 51

changes.mady.by.user Ankur Goyal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by sciSpider Java v3.0

...

Wiki Markup
According to the Java Language Specification \[[JLS 05|AA. Java References#JLS 05]\], section 4.12.4 ""{{final}} Variables"":

... if a final variable holds a reference to an array, then the components of the array may be changed by operations on the array, but the variable will always refer to the same array.

...

Code Block
bgColor#ffcccc
class FinalClass{
  private int a;
  private int b;

  FinalClass(int a, int b){
    this.a = a;
    this.b = b;
  }
  void set_ab(int a, int b){
    this.a = a;
    this.b = b;
  }
  void print_ab(){
    System.out.println(""the value a is: "" + this.a);
    System.out.println(""the value b is: "" + this.b);
  }
}

public class FinalCaller {
  public static void main(String[] args) {
    final FinalClass fc = new FinalClass(1, 2);
    fc.print_ab();
    // change the value of a,b.
    fc.set_ab(5, 6);
    fc.print_ab();
  }
}

...

Code Block
bgColor#ccccff
final public class NewFinal implements Cloneable {
  private int a;
  private int b;

  NewFinal(int a, int b){
    this.a = a;
    this.b = b;
  }
  void print_ab(){
    System.out.println(""the value a is: ""+ this.a);
    System.out.println(""the value b is: ""+ this.b);
  }
  void set_ab(int a, int b){
    this.a = a;
    this.b = b;
  }
  public NewFinal clone() throws CloneNotSupportedException{
    NewFinal cloned = (NewFinal) super.clone();
    return cloned;
  }
}

public class NewFinalCaller {
  public static void main(String[] args) throws CloneNotSupportedException {
    final NewFinal nf = new NewFinal(1, 2);
    nf.print_ab();
    
    // Get the copy of original object
  
    NewFinal nf2 = nf.clone();
    // Change the value of a,b of the copy.
    nf2.set_ab(5, 6);
    // Original value will not be changed
    nf.print_ab();
  }
}

...

Code Block
bgColor#ccccff
private static final String[] items = { ... };
public static final List<String>List&lt;String&gt; itemsList =
Collections.unmodifiableList(Arrays.asList(items));

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[JLS 05|AA. Java References#JLS 05]\] Sections 4.12.4 "&quot;final Variables"&quot; and 6.6, "&quot;Access Control"&quot;
\[[Bloch 08|AA. Java References#Bloch 08]\] Item 13: Minimize the accessibility of classes and members
\[[Core Java 04|AA. Java References#Core Java 04]\] Chapter 6
\[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 607|http://cwe.mitre.org/data/definitions/607.html] "&quot;Public Static Final Field References Mutable Object"&quot;

...

OBJ02-J. Avoid using finalizers      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;08. Object Orientation (OBJ)      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;OBJ04-J. Encapsulate the absence of an object by using a Null Object