SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 21

changes.mady.by.user Dhruv Mohindra

Saved on

compared with

New Version 22

changes.mady.by.user Tracey Tamules

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This noncompliant code example attempt attempts to delete a file, but does not check that the operation succeeds.

...

Code Block
bgColor#FFcccc
public class Ignore {
  public static void main(String[] args) {
    String original = "insecure";
    original.replace( 'i', '9' );
    System.out.println (original);
  }
}

Compliant Solution

...

Code Block
bgColor#ccccff
public class DoNotIgnore {
  public static void main(String[] args) {
    String original = "insecure";
    original = original.replace( 'i', '9' );
    System.out.println (original);
  }
}

Yet another Another source of coding bugs caused by ignoring return values is detailed in FIO03-J. Keep track of bytes read and account for character encoding while reading data.

...

Ignoring method return values may lead to erroneous computation which, in turn, may lead to security risksvulnerabilities.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXP02-J

medium

probable

medium

P8

L2

...