SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 97

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 98

changes.mady.by.user Tracey Tamules

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#ccccff
class UnmodifiableDateView extends Date {
  private Date date;

  public UnmodifiableDateView(Date date) {
    this.date = date;
  }

  public void setTime(long date) {
    throw new UnsupportedOperationException();
  }

  // Override all other mutator methods to throw UnsupportedOperationException
}

public final class MutableClass {
  private Date date;

  public MutableClass(Date d) {
    this.date = d;
  }

  public void setDate(Date d) {
    this.date = (Date) d.clone();
  }

  public UnmodifiableDateView getDate() {
    return new UnmodifiableDateView(date);
  }
}

Exceptions

OBJ08OBJ04-EX1: Sensitive classes should not be cloneable, per rule "OBJ03-J. Sensitive classes must not let themselves be copied."

...

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

OBJ08 OBJ04-J

low

likely

medium

P6

L2

Automated Detection

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="33880be97adecbeb-88810f8c-4d4c40ea-988ca697-d8d745c2acc84ac95563e287"><ac:plain-text-body><![CDATA[

[[MITRE 2009

AA. Bibliography#MITRE 09]]

[CWE-374

http://cwe.mitre.org/data/definitions/374.html] "Passing Mutable Objects to an Untrusted Method" and [CWE-375

http://cwe.mitre.org/data/definitions/375.html] "Returning a Mutable Object to an Untrusted Caller"

]]></ac:plain-text-body></ac:structured-macro>

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="068c52da98b3b3c3-b549c55a-4337446c-b813a798-71fe85631c0774e97af7640e"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

[method clone()

http://java.sun.com/javase/6/docs/api/java/lang/Object.html#clone()]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="458db27b166c765a-d7f0ce2f-44954dd3-bf87a3e6-d87270e6b37a7d7b12391b45"><ac:plain-text-body><![CDATA[

[[Bloch 2008

AA. Bibliography#Bloch 08]]

Item 39: Make defensive copies when needed and Item 11: Override clone judiciously

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b7db34863af742f5-c478c0ec-4a844bff-b92290fe-f7028a768e8939c15a10931f"><ac:plain-text-body><![CDATA[

[[SCG 2007

AA. Bibliography#SCG 07]]

Guideline 2-2 Support copy functionality for a mutable class

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="69dfa483ba48f7bc-531f2a1a-4320435e-aa74b654-0765b49456d89f7c9b1b14a0"><ac:plain-text-body><![CDATA[

[[SCG 2009

AA. Bibliography#SCG 09]]

Guideline 2-3 Support copy functionality for a mutable class

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="aaa752c50c115f94-7577ecb1-4d2449cf-8869aea0-9c699108d543d42b51cdf80d"><ac:plain-text-body><![CDATA[

[[Security 2006

AA. Bibliography#Security 06]]

]]></ac:plain-text-body></ac:structured-macro>

...