SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 16

changes.mady.by.user Will Klieber

Saved on

compared with

New Version 17

changes.mady.by.user Will Klieber

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Fixed code examples to comply with ERR00-J

...

Code Block
bgColor#FFcccc
languagejava
import java.io.*;

class OpenedFile implements Serializable {
  public String filename;
  public BufferedReader reader;

  public OpenedFile(String _filename) throws FileNotFoundException {
    filename = _filename;
    init();
  }
  private void init() {
throws   FileNotFoundException try {
      reader = new BufferedReader(new FileReader(filename));
    } catch (FileNotFoundException e) { }
  }
    
  private void writeObject(ObjectOutputStream out) throws IOException {
    out.writeUTF(filename);
  }

  private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
    filename = in.readUTF();
    init();
  }
}

...

Code Block
bgColor#ccccff
languagejava
import java.io.*;
 
interface Whitelist {
  public boolean has(String className);
}
 
class WhitelistedObjectInputStream extends ObjectInputStream {
  Whitelist whitelist;
 
  public WhitelistedObjectInputStream(InputStream inputStream) throws IOException {
    super(inputStream);
  }
 
  public void setWhitelist(Whitelist wl) {
    whitelist = wl;
  }
}
  
class OpenedFile implements Serializable {
  public String filename;
  public BufferedReader reader;
  public OpenedFile(String _filename) throws FileNotFoundException {
    filename = _filename;
    init();
  }
  private void init() {
    trythrows FileNotFoundException {
      reader = new BufferedReader(new FileReader(filename));
    } catch (FileNotFoundException e) { }
  }
    
  private void writeObject(ObjectOutputStream out) throws IOException {
    out.writeUTF(filename);
  }
  private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
    boolean isWhitelisted = ((in instanceof WhitelistedObjectInputStream) &&
      ((WhitelistedObjectInputStream) in).whitelist.has(this.getClass().getName()));
    if (!isWhitelisted) {
      throw new SecurityException("Attempted to deserialize unexpected class.");
    }
    filename = in.readUTF();
    init();
  }
}

...