SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 5

changes.mady.by.user Dhruv Mohindra

Saved on

compared with

New Version 6

changes.mady.by.user Dhruv Mohindra

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Noncompliant Code Example

This noncompliant code example allows a subclass to override the readSensitiveFile() method and omit the required security check.

Code Block
bgColor#FFcccc
public void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if(sm != null) {  // checkCheck if file can be read
      sm.checkRead("/temp/tempFile");
    } 
    // accessAccess the file
  } catch (SecurityException se) { 
    //* logLog exception  
 */ }
}

Compliant Solution

This compliant solution prohibits inheritance of the readSensitiveFile() method by declaring it final.

Code Block
bgColor#ccccff
public final void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if(sm != null) {  // check if file can be read
      sm.checkRead("/temp/tempFile");
    } 
    // accessAccess the file
  } catch (SecurityException se) { 
    /*/ logLog exception 
 */ }
}

Compliant Solution

This compliant solution prohibits inheritance of the readSensitiveFile() method by declaring it private.

Code Block
bgColor#ccccff
private void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if(sm != null) {  // check if file can be read
      sm.checkRead("/temp/tempFile");
    } 
    // accessAccess the file
  } catch (SecurityException se) { 
    /*/ logLog exception 
 */ }
}

Exceptions

EX1: Classes that are declared final are exempt from this guideline as they imply that the contained methods cannot be overridden.

...