...

Also see the related rule MET06-J. Do not invoke overridable methods in clone().

Noncompliant Code Example

This noncompliant code example invokes an overridable method from the readObject() method.

private void readObject(final ObjectInputStream stream) throws
    IOException, ClassNotFoundException {
  // Noncompliant: a subclass override can run here, before the object is restored
  overridableMethod();
  stream.defaultReadObject();
}

public void overridableMethod() {
  // ...
}
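The initialization error this pattern causes, shown as an added example that is not part of the original rule; the classes ReadObjectDemo, Base and Sub and their fields are hypothetical. Base.readObject() calls the overridable method, so the override in Sub runs before the fields of Sub have been restored from the stream and observes name as null, although name holds "configured" once deserialization completes.

```java
import java.io.*;

// Hypothetical demo classes; none of these names come from the original rule.
public class ReadObjectDemo {
  public static void main(String[] args) throws Exception {
    // Serialize a Sub instance into an in-memory buffer (constructed input).
    ByteArrayOutputStream buf = new ByteArrayOutputStream();
    try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
      out.writeObject(new Sub());
    }
    // Deserialize it again; Base.readObject() runs before Sub's fields are read.
    try (ObjectInputStream in =
        new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
      Sub copy = (Sub) in.readObject();
      System.out.println("seen in override: " + copy.seenDuringRead);
      System.out.println("after readObject: " + copy.name());
    }
  }
}

class Base implements Serializable {
  private static final long serialVersionUID = 1L;

  private void readObject(ObjectInputStream stream)
      throws IOException, ClassNotFoundException {
    overridableMethod();          // noncompliant: dispatches to Sub's override
    stream.defaultReadObject();
  }

  public void overridableMethod() { }
}

class Sub extends Base {
  private static final long serialVersionUID = 1L;
  private String name = "configured";
  transient String seenDuringRead;  // records what the override observed

  @Override
  public void overridableMethod() {
    // Called from Base.readObject(): constructors and field initializers of
    // serializable classes are skipped, and Sub's data is not read yet.
    seenDuringRead = String.valueOf(name);
  }

  String name() { return name; }
}
```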

Compliant Solution

This compliant solution removes the call to the overridable method. When removing such calls is infeasible, ensure that the method is declared private or final.

private void readObject(final ObjectInputStream stream) throws
    IOException, ClassNotFoundException {
  // Only the default deserialization step runs; no overridable method is called
  stream.defaultReadObject();
}

Exceptions

SER09-EX0: The readObject() method may invoke the overridable method java.io.ObjectInputStream.defaultReadObject() [SCG 2009].

Risk Assessment

Invoking overridable methods from the readObject() method can lead to initialization errors.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| SER09-J | low | probable | medium | P4 | L3 |

Related Guidelines

Secure Coding Guidelines for the Java Programming Language, Version 3.0

Guideline 4-4 Prevent constructors from calling methods that can be overridden

Bibliography

[API 2006]

[Bloch 2008] Item 17: "Design and document for inheritance or else prohibit it"

...