The definitions of two constant expressions should be related only when the values they express are also related.
In this noncompliant code example, OUT_STR_LEN must always be exactly 2 greater than IN_STR_LEN. These definitions fail to reflect this requirement:
public static final int IN_STR_LEN = 18; public static final int OUT_STR_LEN = 20; |
In this compliant solution, the relationship between the two values is represented in the definitions:
public static final int IN_STR_LEN = 18; public static final int OUT_STR_LEN = IN_STR_LEN + 2; |
In this noncompliant code example, there appears to be an underlying relationship between the two constants where none exists.
public static final int ADULT_AGE = 18; public static final int ALCOHOL_AGE = ADULT_AGE + 3; |
A programmer performing routine maintenance may modify the definition for ADULT_AGE but fail to recognize the resulting change in the definition for ALCOHOL_AGE.
In this compliant solution, the definitions reflect the independence of the two constants.
public static final int ADULT_AGE = 18; public static final int ALCOHOL_AGE = 21; |
Failure to properly encode relationships in constant declarations can lead to unexpected values and can complicate maintenance.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
DCL57-JG | low | unlikely | high | P1 | L3 |
Automated detection is not currently feasible.
C Secure Coding Standard: DCL08-C. Properly encode relationships in constant definitions
C++ Secure Coding Standard: DCL08-CPP. Properly encode relationships in constant definitions
[JLS 2005] ยง4.12.4, "final Variables"