...
Unfortunately, a Vector and an Enumeration may not always work well together, as is demonstrated in the noncompliant code example. In fact, the Java API [API 06] recommends, "New implementations should consider using Iterator in preference to Enumeration."
Noncompliant Code Example
This noncompliant example implements a BankOperations class with a removeAccounts() method that is used to terminate all the accounts of a particular account holder, as identified by the name. Names can be repeated in the vector if a person has more than one account. The removeAccounts() method attempts to iterate through all the vector entries, comparing each entry with the name "Harry".
...
```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;
import java.util.Vector;

class BankOperations {
  private static void removeAccounts(Vector<String> v, String name) {
    Enumeration<String> e = v.elements();
    while (e.hasMoreElements()) {
      String s = e.nextElement();
      if (s.equals(name)) {
        v.remove(name); // Second Harry is not removed!
      }
    }

    // Display current account holders
    System.out.println("The names are:");
    e = v.elements();
    while (e.hasMoreElements()) {
      System.out.println(e.nextElement()); // Prints Dick, Harry, Tom
    }
  }

  public static void main(String[] args) {
    // List contains a sorted array of account holder names
    // Repeats are admissible
    List<String> list = new ArrayList<>(Arrays.asList("Dick", "Harry", "Harry", "Tom"));
    Vector<String> v = new Vector<>(list);
    removeAccounts(v, "Harry");
  }
}
```
Compliant Solution
According to the Java API [API 06], interface Iterator documentation:
...
```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;

class BankOperations {
  private static void removeAccounts(Vector<String> v, String name) {
    Iterator<String> i = v.iterator();
    while (i.hasNext()) {
      String s = i.next();
      if (s.equals(name)) {
        i.remove(); // Correctly removes all instances of the name Harry
      }
    }

    // Display current account holders
    System.out.println("The names are:");
    i = v.iterator();
    while (i.hasNext()) {
      System.out.println(i.next()); // Prints Dick, Tom only
    }
  }

  public static void main(String[] args) {
    List<String> list = new ArrayList<>(Arrays.asList("Dick", "Harry", "Harry", "Tom"));
    Vector<String> v = new Vector<>(list);
    removeAccounts(v, "Harry");
  }
}
```
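Why the second entry is skipped, and what an Iterator does with the same mistake, shown as an added example that is not part of the original page (the class and method names are hypothetical). The Enumeration returned by Vector.elements() keeps a plain index and is not fail-fast, whereas the Iterator returned by Vector.iterator() is fail-fast and rejects a removal that bypasses its own remove() method.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.ConcurrentModificationException;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;

// Hypothetical demo class (not from the original page); names are the page's sample data.
public class EnumerationSkipDemo {
  static Vector<String> accounts() {
    return new Vector<>(Arrays.asList("Dick", "Harry", "Harry", "Tom"));
  }

  // Returns the elements the Enumeration actually hands out while entries are removed.
  static List<String> visitedByEnumeration(Vector<String> v, String name) {
    List<String> visited = new ArrayList<>();
    Enumeration<String> e = v.elements();
    while (e.hasMoreElements()) {
      String s = e.nextElement();
      visited.add(s);
      if (s.equals(name)) {
        v.remove(name); // later elements shift left, the enumeration's index does not
      }
    }
    return visited;
  }

  // Same mistake via an Iterator: removal that bypasses i.remove() is detected.
  static boolean iteratorDetectsModification(Vector<String> v, String name) {
    try {
      for (Iterator<String> i = v.iterator(); i.hasNext();) {
        if (i.next().equals(name)) {
          v.remove(name);
        }
      }
      return false;
    } catch (ConcurrentModificationException ex) {
      return true;
    }
  }

  public static void main(String[] args) {
    Vector<String> v = accounts();
    System.out.println("Enumeration visited: " + visitedByEnumeration(v, "Harry"));
    System.out.println("Vector afterwards:   " + v);
    System.out.println("Iterator fail-fast:  " + iteratorDetectsModification(accounts(), "Harry"));
  }
}
```

The Java API documents fail-fast detection as best-effort, so it helps expose the bug but is not a correctness guarantee; removing through the iterator's own remove() method, as in the compliant solution, remains the fix.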
Risk Assessment
Using Enumerations when performing remove operations on a vector may cause unexpected program behavior.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC04-J | low | unlikely | medium | P2 | L3 |
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[API 06] Interfaces: Enumeration and Iterator
[Daconta 03] Item 21: Use Iteration over Enumeration
...