...
Consequently, invocation of an overridable method during object construction may result in the use of uninitialized data, leading to runtime exceptions or to unanticipated outcomes. Calling overridable methods from constructors can also leak the this reference before object construction is complete, potentially exposing uninitialized or inconsistent data to other threads. See rule TSM01-J. Do not let the (this) reference escape during object construction for additional information. As a result, constructors may invoke only methods that are final or private; all other method invocations are forbidden.
Noncompliant Code Example
This noncompliant code example results in the use of uninitialized data by the doLogic() method.
...
The doLogic() method is invoked from the superclass's constructor. When the superclass is constructed directly, the doLogic() method in the superclass is invoked and executes successfully. However, when the subclass initiates the superclass's construction, the subclass's doLogic() method is invoked instead. In this case, the value of color is still null because the subclass's constructor has not yet concluded.
Compliant Solution
This compliant solution declares the doLogic() method as final so that it cannot be overridden.
| Code Block | ||
|---|---|---|
| ||
class SuperClass {
public SuperClass() {
doLogic();
}
public final void doLogic() {
System.out.println("This is superclass!");
}
}
|
Risk Assessment
Allowing a constructor to call overridable methods may give an attacker access to the this reference before an object is fully initialized, which in turn could lead to a vulnerability.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MET04-J | medium | probable | medium | P8 | L2 |
Automated Detection
Automated detection of constructors that contain invocations of overridable methods appears to be straightforward.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="9eadadf56faf1daa-903fc2ed-4c404f23-83ee848b-8fe5cb020dfc33482e05649a"><ac:plain-text-body><![CDATA[ | [[ESA 2005 | AA. Bibliography#ESA 05]] | Rule 62: Do not call non-final methods from within a constructor | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="6724aa1d3d4175ec-682dd252-4e6f48dd-bfeba624-9dc9d5cb7f0fb7e79479420b"><ac:plain-text-body><![CDATA[ | [[JLS 2005 | AA. Bibliography#JLS 05]] | [Chapter 8, Classes | http://java.sun.com/docs/books/jls/third_edition/html/classes.html], 12.5 "Creation of New Class Instances" | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="6387e39164d62691-1a377d0e-45e2450d-a27e9db1-7f0271d8ae82f61922a06db2"><ac:plain-text-body><![CDATA[ | [[Rogue 2000 | AA. Bibliography#Rogue 00]] Rule 81: | Do not call non-final methods from within a constructor | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f7d6635806c246e1-7a200c97-4fab41ef-b8d1a2c8-3f7caca05baf210757a16db2"><ac:plain-text-body><![CDATA[ | [[SCG 2007 | AA. Bibliography#SCG 07]] | Guideline 4-3, Prevent constructors from calling methods that can be overridden | ]]></ac:plain-text-body></ac:structured-macro> |
...