Versions Compared

...

Noncompliant Code Example

import java.io.File;

public class DeleteIgnored {
  public static void main(String[] args) {
    File someFile = new File("someFileName.txt");

    // do something with someFile

    someFile.delete(); // boolean return value is discarded; failure goes unnoticed
  }
}

Compliant Solution

...

This noncompliant code example ignores the return value while making use of the String.replace() method. As a result, the original string is not updated even though it seems otherwise. The String.replace() method does not modify the state of the String but instead returns a reference to a new String object with the replacements in place.

Noncompliant Code Example

public class Ignore {
  public static void main(String[] args) {
    String original = "insecure";
    original.replace('i', '9'); // returned String is discarded; original is unchanged
    System.out.println(original);
  }
}

Compliant Solution

This compliant solution correctly updates the original String object by assigning the return value to it.
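The following is an added example, not the CERT page's own code, that applies the rule to both cases shown above: the boolean returned by File.delete() is tested and reported instead of discarded, and the String returned by String.replace() is assigned back to the variable. The class name, the two helper method names and the temporary file are assumptions introduced for illustration.

```java
import java.io.File;
import java.io.IOException;

// Added example (hypothetical class name): both return values are acted upon.
public class CheckedReturnValues {

  // Deletes the file and reports the outcome to the caller rather than
  // silently discarding it; the method name is hypothetical.
  static boolean deleteFile(File someFile) {
    boolean deleted = someFile.delete();
    if (!deleted) {
      // A failed delete is a real condition (missing file, permissions, open handle)
      // that the caller should be able to react to.
      System.err.println("Failed to delete " + someFile.getPath());
    }
    return deleted;
  }

  // String is immutable: replace() never changes its receiver, so the returned
  // reference must be kept. Method name is hypothetical.
  static String replaceInsecureChars(String original) {
    return original.replace('i', '9');
  }

  public static void main(String[] args) throws IOException {
    // Constructed sample input: a temporary file so the example runs anywhere.
    File someFile = File.createTempFile("someFile", ".txt");

    // First delete succeeds; a second delete of the same path fails and the
    // returned boolean makes that visible instead of hiding it.
    System.out.println("first delete succeeded: " + deleteFile(someFile));
    System.out.println("second delete succeeded: " + deleteFile(someFile));

    // Compliant use of String.replace(): reassign the returned String.
    String original = "insecure";
    original = replaceInsecureChars(original);
    System.out.println(original);
  }
}
```

Returning the boolean from the wrapper rather than only logging it keeps the decision with the caller, which is the point of the rule: the method's return value carries information the program needs in order to behave as intended.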

...

Ignoring method return values may lead to erroneous computation which, in turn, may lead to unanticipated program behavior.

Rule      Severity  Likelihood  Remediation Cost  Priority  Level
EXP02-J   medium    probable    medium            P8        L2

...