The definitions of two constant expressions should be related exactly when the values they express are also related.
Noncompliant Code Example
In this noncompliant code example, OUT_STR_LEN must always be exactly two greater than IN_STR_LEN. These definitions fail to reflect this requirement:
```java
public static final int IN_STR_LEN = 18;
public static final int OUT_STR_LEN = 20;
```
Compliant Solution
In this compliant solution, the relationship between the two values is represented in the definitions:
```java
public static final int IN_STR_LEN = 18;
public static final int OUT_STR_LEN = IN_STR_LEN + 2;
```
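The following added example (not part of the original guideline) shows the failure the first noncompliant example invites: after an assumed maintenance edit raises IN_STR_LEN to 32, the independent literal leaves the output buffer too small, while the derived definition follows the change. The class names, the `frame` and `tryFrame` helpers, and the value 32 are hypothetical.

```java
import java.util.Arrays;

public class ConstantRelationshipDemo {
    // Assumed maintenance edit: IN_STR_LEN raised from 18 to 32, while the
    // unrelated-looking literal 20 was overlooked.
    static final class Drifted {
        static final int IN_STR_LEN = 32;
        static final int OUT_STR_LEN = 20;
    }

    // The same edit when the relationship is encoded in the definition.
    static final class Derived {
        static final int IN_STR_LEN = 32;
        static final int OUT_STR_LEN = IN_STR_LEN + 2;
    }

    // Hypothetical consumer: wraps an input of at most inLen chars in two
    // delimiter characters, which is why the output needs inLen + 2 slots.
    static char[] frame(String in, int inLen, int outLen) {
        if (in.length() > inLen) {
            throw new IllegalArgumentException("input longer than IN_STR_LEN");
        }
        char[] out = new char[outLen];
        out[0] = '[';
        in.getChars(0, in.length(), out, 1); // throws if out is too small
        out[in.length() + 1] = ']';
        return out;
    }

    // Reports whether framing succeeded instead of letting the exception escape.
    static String tryFrame(String in, int inLen, int outLen) {
        try {
            return "ok, " + frame(in, inLen, outLen).length + " chars";
        } catch (IndexOutOfBoundsException e) {
            return "failed: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        char[] fill = new char[32]; // constructed sample input of maximum length
        Arrays.fill(fill, 'x');
        String input = new String(fill);
        System.out.println("independent literals: "
                + tryFrame(input, Drifted.IN_STR_LEN, Drifted.OUT_STR_LEN));
        System.out.println("derived definition:   "
                + tryFrame(input, Derived.IN_STR_LEN, Derived.OUT_STR_LEN));
    }
}
```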
Noncompliant Code Example
In this noncompliant code example, there appears to be an underlying relationship between the two constants where none exists:
```java
public static final int ADULTVOTING_AGE = 18;
public static final int ALCOHOL_AGE = ADULTVOTING_AGE + 3;
```
A programmer performing routine maintenance may modify the definition for ADULTVOTING_AGE but fail to recognize the resulting change in the definition for ALCOHOL_AGE.
Compliant Solution
In this compliant solution, the definitions reflect the independence of the two constants:
```java
public static final int ADULTVOTING_AGE = 18;
public static final int ALCOHOL_AGE = 21;
```
Risk Assessment
Failure to properly encode relationships in constant declarations can lead to unexpected values and can complicate maintenance.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DCL57-JG | low | unlikely | high | P1 | L3 |
Automated Detection
Automated detection is not currently feasible.
...
C Secure Coding Standard: DCL08-C. Properly encode relationships in constant definitions
C++ Secure Coding Standard: DCL08-CPP. Properly encode relationships in constant definitions