SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 1

changes.mady.by.user Aniket Mokashi

Saved on

compared with

New Version 2

changes.mady.by.user Aniket Mokashi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Java 1.5 supports use of enumerated types, these enums look just like their C , and C++ , and C# counterparts. But, in Java programming language enums are far more powerful than their counterparts in other languages, which are little more than glorified integers. All enums have an ordinal method, which returns the numerical position of each enum constant in its type.

Java Language Specification, in Section 8.9, "Enums" does not specify the use of ordinal() in programs. Improper use of ordinal() method in program logic can cause errors in programs.

Wiki Markup
According to Java API \[[API 2006|AA. Bibliography#API 06]\],
In Javadoc, use of 
ordinal() is defined as


{{public final int}} {{{*}ordinal{*}{}}}{{()}}

returns the ordinal of the enumeration constant (its position in its enum declaration, where the initial constant is assigned an ordinal of zero). Most programmers will have no use for this method. It is designed for use by sophisticated enum-based data structures, such as EnumSet and EnumMap.

Although, it is clearly defined It defines use of ordinal() as a helper function to sophisticated enum-based data-structures EnumSet and EnumMap, poor . Poor understanding of ordinal generally causes errors in the programs.

...

This noncomplaint code example declares enum HydroCarbons and uses its ordinal() method to find the attribute, numberOfCarbons, of enum constants.

Code Block
bgColor#FFcccc
public enum HydroCarbons {	
    METHANE, ETHANE, PROPANE, BUTANE, PENTANE,
    HEXANE, HEPTANE, OCTANE, NONANE, DECANE;

    public int getNumberOfCarbons() {
        return ordinal() + 1;
    }
}
public class TestHC {
    public static void main(String args[]) {
        ...
        HydroCarbons hc = HydroCarbons.HEXANE;
        int index = hc.getNumberOfCarbons();
        int noHyd = NumberOfHydrogen[index]; // Can cause ArrayIndexOutOfBoundsException
    }
}

...

In this compliant solution, we explicitly associate enum constants with corresponding integer values.

Code Block
bgColor#ccccff
public enum HydroCarbons {	
    METHANE(1), ETHANE(2), PROPANE(3), BUTANE(4), PENTANE(5),
    HEXANE(6), BENZENE(6), HEPTANE(7), OCTANE(8), NONANE(9), DECANE(10);

    private final int numberOfCarbons;

    HydroCarbons(int carbons) { this.numberOfCarbons = carbons; }

    public int getNumberOfCarbons() {
        return numberOfCarbons;
    }
}

...

Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

DCL11-J

low

probable

medium

P4

L3

Related Guidelines

C Secure Coding Standard: INT09-C. Ensure enumeration constants map to unique values

C++ Secure Coding Standard: INT09-CPP. Ensure enumeration constants map to unique values

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Bibliography

Wiki Markup
\[[JLS 2005|AA. Bibliography#JLS 05]\] Section 8.9, "Enums"
\[[API 2006|AA. Bibliography#API 06]\] [Enum|http://download.oracle.com/javase/6/docs/api/java/lang/Enum.html]