SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 6

changes.mady.by.user Justin Pincar

Saved on

compared with

New Version 7

changes.mady.by.user Fred Long

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Reuse of names leads to shadowing, that is, the names in the current scope mask those defined elsewhere. This creates ambiguity especially when the originals need to be used and also leaves the code hard to maintain. The problem gets aggravated when the reused name is defined in a different package.

Noncompliant Code Example

This noncompliant example implements a class that reuses the name of class java.util.Vector. The intent of this class is to introduce a different condition for the isEmpty method for native legacy code interfacing. A future programmer may not know about this extension and may incorrectly use the Vector idiom to use the original Vector class. This behavior is clearly undesirable.

...

Code Block
bgColor#FFcccc
class Vector {
private int val = 1;
  public boolean isEmpty() {
    if(val == 1)   //compares with 1 instead of 0
      return true;
    else
      return false;
  }
  //other functionality is same as java.util.Vector
}

public class VectorUser {
  public static void main(String[] args) {
    Vector v = new Vector();
    if(v.isEmpty())
      System.out.println("Vector is empty");
  }
}

Compliant Solution

As a tenet, do not:

  • Reuse the name of a superclass
  • Reuse the name of an interface
  • Reuse the name of a field defined in a superclass
  • Reuse the name of a field that appears in the same method (in different scope)

...

Code Block
bgColor#ccccff
class MyVector {
  //other code
}

Risk Assessment

Reusing names leads to code that is harder to read and maintain and may result in security weaknesses.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SCP03-J

low

unlikely

medium

P2

L3

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

This rule appears in the C Secure Coding Standard as DCL01-C. Do not reuse variable names in subscopes.

This rule appears in the C++ Secure Coding Standard as DCL01-CPP. Do not reuse variable names in subscopes.

References

Wiki Markup
\[[Bloch 08|AA. Java References#Bloch 08]\] Puzzle 67: All Strung Out
\[[FindBugs 08|AA. Java References#FindBugs 08]\]:
Nm: Class names shouldn't shadow simple name of implemented interface  
Nm: Class names shouldn't shadow simple name of superclass
MF: Class defines field that masks a superclass field
MF: Method defines a variable that obscures a field

...