
The definitions of two constant expressions should be related if and only if the values they express are also related. Encoding a real dependency makes it survive later edits; encoding a coincidental one makes an unrelated value change silently when its "source" changes.

Noncompliant Code Example

In this noncompliant example, OUT_STR_LEN must always be exactly two greater than IN_STR_LEN. However, this is not obvious from the definitions: nothing ties the two values together, so a later change to IN_STR_LEN leaves OUT_STR_LEN stale.

public static final int IN_STR_LEN = 18;
public static final int OUT_STR_LEN = 20;  // Must be IN_STR_LEN + 2, but nothing enforces it

Compliant Solution

Instead, the relationship between the two values should be represented in the definitions, so that OUT_STR_LEN tracks any change to IN_STR_LEN automatically.

public static final int IN_STR_LEN = 18;
public static final int OUT_STR_LEN = IN_STR_LEN + 2;  // Dependency is explicit and maintained by the compiler
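The following program is an added example, not code from the CERT page, showing why the unrelated definitions are a maintenance hazard. The frame() method, the 24-character input size and the "forgot to update OUT_STR_LEN" scenario are constructed for illustration: the output buffer must hold the input plus two delimiter characters, and the derived constant keeps that invariant while the literal constant does not.

```java
// Added example (not part of the CERT page): consequence of leaving the
// IN_STR_LEN / OUT_STR_LEN relationship implicit. Sizes are constructed.
public final class ConstantRelationshipDemo {

    // Noncompliant style: the "+ 2" relationship lives only in the
    // programmer's head. Here IN_STR_LEN was later raised from 18 to 24,
    // and OUT_STR_LEN was not updated (a constructed maintenance slip).
    static final class Unrelated {
        static final int IN_STR_LEN = 24;
        static final int OUT_STR_LEN = 20;
    }

    // Compliant style: the output size is derived, so it follows the input size.
    static final class Related {
        static final int IN_STR_LEN = 24;
        static final int OUT_STR_LEN = IN_STR_LEN + 2;
    }

    /** Wraps a fixed-length input in '[' and ']' using a fixed-size output buffer. */
    static String frame(String in, int inLen, int outLen) {
        if (in.length() != inLen) {
            throw new IllegalArgumentException(
                "expected " + inLen + " chars, got " + in.length());
        }
        char[] out = new char[outLen];
        out[0] = '[';
        // String.getChars throws IndexOutOfBoundsException when the
        // destination is too small, i.e. when outLen < inLen + 2.
        in.getChars(0, in.length(), out, 1);
        out[outLen - 1] = ']';
        return new String(out);
    }

    public static void main(String[] args) {
        String input = "x".repeat(24);  // constructed 24-character input

        // Derived constant: buffer is 26 chars, framing succeeds.
        System.out.println(frame(input, Related.IN_STR_LEN, Related.OUT_STR_LEN));

        // Literal constant: buffer is still 20 chars, framing fails at runtime.
        try {
            frame(input, Unrelated.IN_STR_LEN, Unrelated.OUT_STR_LEN);
        } catch (IndexOutOfBoundsException e) {
            System.out.println("Unrelated constants drifted: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac ConstantRelationshipDemo.java && java ConstantRelationshipDemo` (Java 11 or later for String.repeat). The failure with the Unrelated constants only appears when the code path executes; with the Related definitions the invariant cannot be broken by editing one constant.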

Noncompliant Code Example

In this noncompliant example, there appears to be an underlying relationship between the two constants, but there is not. If ADULT_AGE were ever changed, ALCOHOL_AGE would change with it even though the two ages are set independently.

public static final int ADULT_AGE = 18;
public static final int ALCOHOL_AGE = ADULT_AGE + 3;  // Spurious dependency: the values are unrelated

Compliant Solution

Instead, the definitions should reflect the lack of a relationship between the two constants, so that each can be changed without affecting the other.

public static final int ADULT_AGE = 18;
public static final int ALCOHOL_AGE = 21;  // Independent value, defined independently

Risk Assessment

Recommendation   Severity   Likelihood   Remediation Cost   Priority   Level
DCL05-J          low        unlikely     high               P1         L3

Other Languages

This recommendation appears in the C Secure Coding Standard as DCL08-C. Properly encode relationships in constant definitions.
This recommendation appears in the C++ Secure Coding Standard as DCL08-CPP. Properly encode relationships in constant definitions.
