
Scope minimization helps capture common programming errors, improves code readability by tying together the declaration and actual use of a variable, and eases maintainability because unused variables are easily caught and removed.

Noncompliant Code Example

This noncompliant code example shows a variable that is declared outside the for loop. This can harm reusability because the value of the loop index i will have changed after the for statement. Consider, for instance, the case where this code snippet is copied and pasted with the intent of using a different index j, but the statement mistakenly still iterates over index i. Because i is still in scope, this leads to unexpected behavior.

public class Scope {
  public static void main(String[] args) {
    int i = 0;
    for(i = 0; i < 10; i++) {
      // Do operations
    }
  }
}

Compliant Solution

To be compliant, minimize the scope of variables where possible, such as by declaring loop indexes within the for statement.

public class Scope {
  public static void main(String[] args) {
    for(int i = 0; i < 10; i++) { //contains declaration
      // Do operations
    }
  }
}

Additionally, methods should be designed to perform only one operation if possible. This reduces the need for variables existing in overlapping scopes and, consequently, helps prevent errors.

Risk Assessment

Using a larger scope than what is necessary results in less reliable code.

| Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
| --- | --- | --- | --- | --- | --- |
| SCP00-J | low | unlikely | medium | P2 | L3 |

Automated Detection

TODO

Other Languages

This rule appears in the C Secure Coding Standard as DCL19-C. Use as minimal a scope as possible for all variables and functions.

This rule appears in the C++ Secure Coding Standard as DCL07-CPP. Use as minimal scope as possible for all variables and methods.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[JLS 2005] Section 14.4.2, Scope of Local Variable Declarations (http://java.sun.com/docs/books/jls/third_edition/html/statements.html#14.4.2)
[Bloch 2001] Item 29, Minimize the scope of local variables

