You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Reuse of names leads to shadowing, that is, the names in the current scope mask those defined elsewhere. This creates ambiguity especially when the originals need to be used and also leaves the code hard to maintain. The problem gets aggravated when the reused name is defined in a different package.

Noncompliant Code Example

This noncompliant example implements a class that reuses the name of class java.util.Vector. The intent of this class is to introduce a different condition for the isEmpty method for native legacy code interfacing. A future programmer may not know about this extension and may incorrectly use the Vector idiom to use the original Vector class. This behavior is clearly undesirable.

Well defined import statements do resolve these issues but may get confusing when the reused name is defined in a different package. Moreover, a common (and misleading) tendency is to include the import statements after writing the code (many IDEs allow automatic inclusion as per requirements). As a result, such instances can go undetected.

class Vector {
private int val = 1;
  public boolean isEmpty() {
    if(val == 1)   //compares with 1 instead of 0
      return true;
    else
      return false;
  }
  //other functionality is same as java.util.Vector
}

public class VectorUser {
  public static void main(String[] args) {
    Vector v = new Vector();
    if(v.isEmpty())
      System.out.println("Vector is empty");
  }
}

Compliant Solution

As a tenet, do not:

  • Reuse the name of a superclass
  • Reuse the name of an interface
  • Reuse the name of a field defined in a superclass
  • Reuse the name of a field that appears in the same method (in different scope)

This compliant solution declares the class Vector with a different name:

class MyVector {
  //other code
}

Risk Assessment

Reusing names leads to code that is harder to read and maintain and may result in security weaknesses.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SCP03-J

low

unlikely

medium

P??

L??

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

This rule appears in the C Secure Coding Standard as DCL01-C. Do not reuse variable names in subscopes.

This rule appears in the C++ Secure Coding Standard as DCL01-CPP. Do not reuse variable names in subscopes.

References

[[Bloch 08]] Puzzle 67: All Strung Out
[[FindBugs 08]]:
Nm: Class names shouldn't shadow simple name of implemented interface
Nm: Class names shouldn't shadow simple name of superclass
MF: Class defines field that masks a superclass field
MF: Method defines a variable that obscures a field

  • No labels