SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 3

changes.mady.by.user Fred Long

Saved on

compared with

New Version 4

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Assertions are primarily intended for use during debugging , and are generally turned off before code is deployed by using the -disableassertions (or -da) java option. Consequently, assertions should be used to protect against incorrect programmer assumptions and not for runtime error checking.

...

  • invalid user input (including command-line arguments and environment variables)
  • file errors (for example, errors opening, reading, or writing files)
  • network errors (including network protocol errors)
  • Wiki Markup
    out-of-memory conditions (when the Java Virtual Machine \[JVM\] cannot allocate space for a new object and the garbage collector cannot make sufficient space available)
  • system resource exhaustion (for example, out-of-file descriptors, processes, threads)
  • system call errors (for example, errors executing files, locking or unlocking mutexes)
  • invalid permissions (for example, file, memory, user)

Code that protects against an input/output error, for example, cannot be implemented as an assertion because this code it must be presented in the deployed executable.

In particular, assertions are generally unsuitable for server programs or embedded systems in deployment. A failed assertion can lead to a denial-of-service (DoS) attack if triggered by a malicious user. In such situations, a soft failure mode, such as writing to a log file and rejecting the request, is more appropriate.

...

This noncompliant code example uses the assert() statement to verify that input was available. Because input availability depends on the user and can become exhausted at any point during a process lifetime, a robust program must be prepared to gracefully handle and recover from its exhaustion. Therefore, using the assert() statement to verify that input was available would be inappropriate because doing so might lead to an abrupt termination of the process, opening up the possibility of a denial-of-service DoS attack.

Code Block
bgColor#FFcccc
BufferedReader br;

// Set up the BufferedReader br

String line;

// ...

line = br.readLine();

assert line != null;

Compliant Solution

The This compliant solution below demonstrates how to detect and handle possible input unavailability.

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e838bdda3fc62f5a-70232671-4f3a4b0a-aecc8b2d-340cd66196f2b64dfdffb310"><ac:plain-text-body><![CDATA[

[[JLS 2011

AA. References#JLS 11]]

Section 14.10 The assert Statement

]]></ac:plain-text-body></ac:structured-macro>