SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 63

changes.mady.by.user Shannon Haas

Saved on

compared with

New Version 64

changes.mady.by.user Shannon Haas

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Wiki Markup
In this noncompliant code example \[[Bloch 2005|AA. Bibliography#BlochReferences#Bloch 05]\], a class with singleton semantics uses the default serialized form, which fails to enforce any implementation-defined invariants. Consequently, malicious code can create a second instance even though the class should have only a single instance. For purposes of this example, we assume that the class contains only nonsensitive data.

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="5e7fd4e1e6bc1b49-de542686-487e44d7-8645924e-3d9b6ae7f1fa405ed4f8d2e7"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API References#API 06]]

Class Object, Class Hashtable

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="401d2c1ec4cbc1ba-d99e7b5e-47ee43a4-9818b747-c55f0358d4ee1f2ca6cc00e7"><ac:plain-text-body><![CDATA[

[[Bloch 2008

AA. Bibliography#Bloch References#Bloch 08]]

Item 75, Consider using a custom serialized form

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0e2b2dc4db6c5e5b-f202826f-4e62467d-858488b5-30d9f3548e4c9fde2abbd21c"><ac:plain-text-body><![CDATA[

[[Greanier 2000

AA. Bibliography#Greanier References#Greanier 00]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0762892d0c7e4a7b-a0c365eb-411e4a18-954ab904-6f11e686dba965cb3b39104f"><ac:plain-text-body><![CDATA[

[[Harold 1999

AA. Bibliography#Harold References#Harold 99]]

Chapter 11, Object Serialization, Validation

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="89834afff63ee19a-f529d64b-412549a0-8ebe9e0f-896c376c717c9e89e5908404"><ac:plain-text-body><![CDATA[

[[Hawtin 2008

AA. Bibliography#Hawtin References#Hawtin 08]]

Antipattern 8. Believing deserialisation is unrelated to construction

]]></ac:plain-text-body></ac:structured-macro>

...