SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 35

changes.mady.by.user David Svoboda

Saved on

compared with

New Version Current

changes.mady.by.user Will Snavely

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The definitions of two constant expressions should be related related exactly when and only when the values they express are also related.

Noncompliant Code Example

In this noncompliant code example, OUT_STR_LEN must always be exactly two greater than IN_STR_LEN. The These definitions fail to reflect this requirement. :

Code Block
bgColor#FFcccc

public static final int IN_STR_LEN = 18;
public static final int OUT_STR_LEN = 1220;

Compliant Solution

The In this compliant solution, the relationship between the two values should be is represented in the definitions.:

Code Block
bgColor#ccccff

public static final int IN_STR_LEN = 18;
public static final int OUT_STR_LEN = IN_STR_LEN + 2;

Noncompliant Code Example

In this noncompliant code example, there appears to be an underlying relationship between the two constants , when in fact there is none.where none exists:

Code Block
bgColor#FFcccc

public static final int ADULTVOTING_AGE = 18;
public static final int ALCOHOL_AGE = ADULTVOTING_AGE + 3;

A programmer performing routine maintenance may modify the definition for ADULTVOTING_AGE but fail to recognize the resulting change in the definition for ALCOHOL_AGE.

Compliant Solution

The definitions should In this compliant solution, the definitions reflect the independence of the two constants.:

Code Block
bgColor#ccccff

public static final int ADULTVOTING_AGE = 18;
public static final int ALCOHOL_AGE = 21;

Risk Assessment

Failure to properly encode relationships in constant declarations can lead to unexpected values and can complicate maintenance.

Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

DCL03-J

low

unlikely

high

P1

L3

Related Guidelines

C Secure Coding Standard: DCL08-C. Properly encode relationships in constant definitions

C++ Secure Coding Standard: DCL08-CPP. Properly encode relationships in constant definitions

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Bibliography

Wiki Markup
\[[JLS 2005|AA. Bibliography#JLS 05]\] [Section 4.12.4|http://java.sun.com/docs/books/jls/third_edition/html/typesValues.html#4.12.4]

[JLS 2013]§4.12.4, "final Variables"

 

...

Image Added Image Added Image AddedDCL02-J. Use meaningful symbolic constants to represent literal values in program logic      03. Declarations and Initialization (DCL)      DCL04-J. Do not apply public final to constants whose value might change in the future