Scope minimization helps to capture common programming errors, improves code readability by tying together the declaration and actual use and eases maintainability since unused variables are easily caught and removed.
Noncompliant Code Example
This noncompliant example shows a variable that is declared outside the for loop. This can harm reusability since the loop index i will change after the for statement. Consider for instance, if this code snippet is copy pasted with the intent of using a different index j but the statement mistakenly still iterates over index i. Since i is still in scope, this will lead to a rather obtuse outcome.
| Code Block | ||
|---|---|---|
| ||
public class Scope {
public static void main(String[] args) {
int i=0;
for(i=0;i<10;i++) {
//do operations
}
}
}
|
Compliant Solution
To be compliant, minimize scope where possible, such as by declaring loop indexes within the for statement.
| Code Block | ||
|---|---|---|
| ||
public class Scope {
public static void main(String[] args) {
for(int i=0;i<10;i++) { //contains declaration
//do operations
}
}
}
|
Additionally, methods should be designed for only one operation if possible. This simplicity avoids variables from existing in overlapping scopes.
Risk Assessment
Using a larger scope than necessary results in less reliable code.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
SCP00- J | low | unlikely | medium | P2 | L3 |
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[JLS 05|AA. Java References#JLS 05]\] [Section 14.4.2, Scope of Local Variable Declarations|http://java.sun.com/docs/books/jls/third_edition/html/statements.html#14.4.2] \[[Bloch 01|AA. Java References#Bloch 01]\] Item 29, Minimize the scope of local variables |
04. Scope (SCP) 04. Scope (SCP) SCP01-J. Declare sensitive methods private or final, fields private and final, and classes to be final