You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 38 Next »

Scope minimization helps developers to avoid common programming errors, improves code readability by tying together the declaration and actual use of a variable, and improves maintainability because unused variables are more easily detected and removed.

Noncompliant Code Example

This noncompliant code example shows a variable that is declared outside the for loop. This reduces reusability because the value of the loop index i will have changed after the for statement. Consider, for instance, the case when this code snippet is copied and pasted with the intent to use a different index j. If the index variable change were omitted, the new loop would then attempt to iterate over index i. Unexpected behavior can follow because i remains in scope.

public class Scope {
  public static void main(String[] args) {
    int i = 0;
    for (i = 0; i < 10; i++) {
      // Do operations
    }
  }
}

Compliant Solution

Minimize the scope of variables where possible, for example, by declaring loop indexes within the for statement.

public class Scope {
  public static void main(String[] args) {
    for (int i = 0; i < 10; i++) { //contains declaration
      // Do operations
    }
  }
}

Risk Assessment

Using a larger scope than is necessary results in less reliable code.

Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

SCP00-J

low

unlikely

medium

P2

L3

Automated Detection

Detecting local variables that are declared in a larger scope than is required by the as-written code is straightforward and can avoid any possibility of false positives.

Detecting multiple for statements that use the same index variable is straightforward; it will produce false positives in the unusual case where this was intended by the programmer.

Related Guidelines

C Secure Coding Standard: DCL19-C. Use as minimal a scope as possible for all variables and functions

C++ Secure Coding Standard: DCL07-CPP. Use as minimal scope as possible for all variables and methods

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Bibliography

[[Bloch 2001]] Item 29, Minimize the scope of local variables
[[JLS 2005]] Section 14.4.2, "Scope of Local Variable Declarations"


05. Scope (SCP)      05. Scope (SCP)      SCP01-J. Do not increase the accessibility of overridden or hidden methods

  • No labels