SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 62

changes.mady.by.user Tracey Tamules

Saved on

compared with

New Version 63

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: files closed properly, in accordance with FIO04-J

...

Code Block
bgColor#FFCCCC
  
// Exception handling has been omitted for the sake of brevity
class EchoServer { 
  public static void main(String[] args) throws IOException {
    ServerSocket serverSocket = null;
    try {
      serverSocket = new ServerSocket(10007); 
      Socket socket = serverSocket.accept();
			
      PrintWriter out = new PrintWriter(socket.getOutputStream(), true); 
      BufferedReader in = new BufferedReader(
                  new InputStreamReader(socket.getInputStream())); 
      String inputLine; 
      while ((inputLine = in.readLine()) != null) { 
        System.out.println(inputLine); 
        out.println(inputLine); 
      }
    } finally {
      try {
        serverSocket.close();
      } catch (IOException x) {
        System.err.println(x.toString());
      }
    }
  }
}

class EchoClient {
  public static void main(String[] args) throws UnknownHostException, IOException {
    Socket socket = null;
    try {
      socket = new Socket("localhost", 9999);
						
      PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
      BufferedReader in = new BufferedReader(
                  new InputStreamReader(socket.getInputStream()));

      BufferedReader stdIn = new BufferedReader(
                   new InputStreamReader(System.in));
			
      String userInput;
      while ((userInput = stdIn.readLine()) != null) {
        out.println(userInput);
        System.out.println(in.readLine());
      } 

    } finally {
      try {
        socket.close();
      } catch (IOException x) {
        System.err.println(x.toString());
      }
    }
  }
}

Note that the sockets are closed in accordance with ERR05-J. Do not let checked exceptions escape from a finally block. While merely printing close exceptions is frowned upon, the exceptions may be suppresed as per EX0 of ERR00-J. Do not suppress or ignore checked exceptions.

...

Code Block
bgColor#CCCCFF
// Exception handling has been omitted for the sake of brevity
class EchoServer {
  public static void main(String[] args) throws IOException {
    SSLServerSocket sslServerSocket = null;
    try {
      SSLServerSocketFactory sslServerSocketFactory =
        (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
      sslServerSocket = (SSLServerSocket) sslServerSocketFactory.createServerSocket(9999);
      SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();

      PrintWriter out = new PrintWriter( sslSocket.getOutputStream(),true);
      BufferedReader in = new BufferedReader(
                  new InputStreamReader( sslSocket.getInputStream()));
      
      String inputLine;       
      while ((inputLine = in.readLine()) != null) { 
        System.out.println(inputLine); 
        out.println(inputLine); 
      } 

    } finally {
      try {
        sslServerSocket.close();
      } catch (IOException x) {
        System.err.println(x.toString());
      }
    }
  }
}

class EchoClient {
  public static void main(String[] args) throws IOException {
    SSLSocket sslSocket = null;
    try {
      SSLSocketFactory sslSocketFactory =
        (SSLSocketFactory) SSLSocketFactory.getDefault();
      sslSocket = (SSLSocket) sslSocketFactory.createSocket("localhost", 9999);

      PrintWriter out = new PrintWriter(sslSocket.getOutputStream(), true);
      BufferedReader in = new BufferedReader(
                  new InputStreamReader(sslSocket.getInputStream()));
			
      BufferedReader stdIn = new BufferedReader(
                   new InputStreamReader(System.in));
      
      String userInput;
      while ((userInput = stdIn.readLine()) != null) {
        out.println(userInput);
        System.out.println(in.readLine());
      }
  
    } finally {
      try {
        sslSocket.close();
      } catch (IOException x) {
        System.err.println(x.toString());
      }
    }
  }
}

Note that a program that makes use of SSLSockets will block indefinitely if it tries to connect to a port that is not using SSL. Similarly, a program that does not use SSLSockets will block when trying to establish a connection through a port that uses SSL.

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="91a8124db6705728-50ba1c44-45bc4b04-a766b6c1-dd3de5c3e235f9c3a90bf214"><ac:plain-text-body><![CDATA[

[[MITRE 2009

AA. Bibliography#MITRE 09]]

[CWE ID 311

http://cwe.mitre.org/data/definitions/311.html] "Failure to Encrypt Sensitive Data"

]]></ac:plain-text-body></ac:structured-macro>

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="18068178268913d5-4288d104-43b54210-b349adbb-c239e89e958785011ad9f57a"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4b6815cfae2c7276-f7569442-492e4b29-9854b64a-b94d9632d631b0d870d00b8a"><ac:plain-text-body><![CDATA[

[[Gong 2003

AA. Bibliography#Gong 03]]

11.3.3 "Securing RMI Communications"

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="88716caf6395963b-f1462824-4ed947de-82b9bcee-670aa14d19d882000f759d63"><ac:plain-text-body><![CDATA[

[[Ware 2008

AA. Bibliography#Ware 08]]

 

]]></ac:plain-text-body></ac:structured-macro>

...