SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 79

changes.mady.by.user Shannon Haas

Saved on

compared with

New Version Current

changes.mady.by.user Joseph C. Sible

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: simplify the noncompliant example

Wiki Markup According to the The Java Language Specification \[[JLS 2005|AA. Bibliography#JLS 05]\], §12, §12.5, "Creation of New Class Instances," [JLS 2015]:

Unlike C++, the Java programming language does not specify altered rules for method dispatch during the creation of a new class instance. If methods are invoked that are overridden in subclasses in the object being initialized, then these overriding methods are used, even before the new object is completely initialized.

Invocation of an overridable method during object construction may result in the use of uninitialized data, leading to runtime exceptions or to unanticipated outcomes. Calling overridable methods from constructors can also leak the this reference before object construction is complete, potentially exposing uninitialized or inconsistent data to other threads . See rule (see TSM01-J. Do not let the ( this ) reference escape during object construction for additional information). As a result, constructors a class's constructor must not invoke (directly or indirectly) only methods in that class that are not static, final or private.

Noncompliant Code Example

This noncompliant code example results in the use of uninitialized data by the doLogic() method.:

Code Block
bgColor#FFcccc

class SuperClass {
  public SuperClass () {
    doLogic();
  }

  public void doLogic() {
    System.out.println("This is superclass!");
  }
}

class SubClass extends SuperClass {
  private String color = null;
  public SubClass() {
    super();
    color = "Redred";
  }

  public void doLogic() {
    // Color becomes null
    System.out.println("This is subclass! The color is :" + color);
    // ...
  }
}

public class Overridable {
  public static void main(String[] args) {
    SuperClass bc = new SuperClass();
    // Prints "This is superclass!"
    SuperClass sc = new SubClass();
    // Prints "This is subclass! The color is :null"
  }
}

...

This compliant solution declares the doLogic() method as final so that it cannot be overridden.:

Code Block
bgColor#ccccff

class SuperClass {
  public SuperClass() {
    doLogic();
  }

  public final void doLogic() {
    System.out.println("This is superclass!");
  }
}

...

Allowing a constructor to call overridable methods may give can provide an attacker with access to the this reference before an object is fully initialized, which in turn could lead to a vulnerability.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MET05-J

medium

Medium

probable

Probable

medium

Medium

P8

L2

Automated Detection

Automated detection of constructors that contain invocations of overridable methods appears to be is straightforward.

Related Guidelines

ToolVersionCheckerDescription
PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V6052
SonarQube
Include Page
SonarQube_V
SonarQube_V
S1699Constructors should only call non-overridable methods
SpotBugs

Include Page
SpotBugs_V
SpotBugs_V

MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTORImplemented (since 4.5.0)


Related Guidelines

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="20b115b8-ddee-4b9c-93b9-cd2826613886"><ac:plain-text-body><![CDATA[

[

ISO/IEC TR 24772:2010

http://www.aitcnet.org/isai/]

"

Inheritance [RIP]

"

]]></ac:plain-text-body></ac:structured-macro>

Bibliography

Secure Coding Guidelines for Java SE, Version 5.0

Guideline 7-4 / OBJECT-4: Prevent constructors from calling methods that can be overridden

Bibliography

[ESA 2005]

Rule 62, Do not call nonfinal methods from within a constructor

[JLS 2015]

Chapter 8, "Classes"
§12.5, "Creation of New Class Instances"

[Rogue 2000]

Rule 81,

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b624c086-e067-4b96-b715-03281745ae91"><ac:plain-text-body><![CDATA[

[[ESA 2005

AA. Bibliography#ESA 05]]

Rule 62: Do not call non-final methods from within a constructor

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="da43788c-f911-4c36-9b13-3c0dcf96ed5f"><ac:plain-text-body><![CDATA[

[[JLS 2005

AA. Bibliography#JLS 05]]

[Chapter 8, Classes

http://java.sun.com/docs/books/jls/third_edition/html/classes.html], §12.5 "Creation of New Class Instances"

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="269c8782-8a8d-4557-bb11-97f03197ffeb"><ac:plain-text-body><![CDATA[

[[Rogue 2000

AA. Bibliography#Rogue 00]] Rule 81:

Do not call non-final methods from within a constructor

]]></ac:plain-text-body></ac:structured-macro>

Secure Coding Guidelines for the Java Programming Language, Version 3.0

Guideline 4-4 Prevent constructors from calling methods that can be overridden


...

Image Removed      05. Methods (MET)      Image Added Image Added