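class BaseClass {
  public BaseClass() {
    // Safe to call from the constructor: doLogic() is final, so no subclass
    // override can run before the object is fully initialized.
    doLogic();
  }

  public final void doLogic() {
    System.out.println("This is super-class!");
  }
}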

Risk Assessment

Allowing a constructor to call overridable methods may give an attacker access to the this reference before an object is fully initialized, which, in turn, could lead to a vulnerability.
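The following is an added example, not code from the original guideline. It shows what an override observes when the superclass constructor calls a non-final method, next to the final form used above. The names UnsafeBase, SafeBase, Sub, roles and escaped are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

public class ConstructorOverrideDemo {

  // Noncompliant shape: the constructor calls a method a subclass can override.
  static class UnsafeBase {
    UnsafeBase() {
      doLogic(); // virtual dispatch: runs Sub.doLogic() when constructing a Sub
    }

    public void doLogic() {
      System.out.println("This is super-class!");
    }
  }

  // Compliant shape: doLogic() is final, so declaring an override in a
  // subclass is rejected by the compiler.
  static class SafeBase {
    SafeBase() {
      doLogic();
    }

    public final void doLogic() {
      System.out.println("This is super-class!");
    }
  }

  // Hypothetical subclass whose state is set by a field initializer.
  static class Sub extends UnsafeBase {
    static final List<Sub> escaped = new ArrayList<>();
    private final List<String> roles = new ArrayList<>();

    @Override
    public void doLogic() {
      // Invoked from UnsafeBase(), before Sub's field initializers have run:
      // roles is still null here, and 'this' is published half-built.
      escaped.add(this);
      System.out.println("roles inside constructor call: " + roles);
    }
  }

  public static void main(String[] args) {
    Sub s = new Sub();
    System.out.println("roles after construction: " + s.roles);
    System.out.println("same object escaped early: " + (Sub.escaped.get(0) == s));
    new SafeBase();
  }
}
```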

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|------|----------|------------|------------------|----------|-------|
| MET32-J | ?? medium ?? | probable | ?? medium | P?? | L?? |

Automated Detection

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[JLS 05] Chapter 8, Classes
[SCG 07] Guideline 4-3 Prevent constructors from calling methods that can be overridden