Scope minimization helps developers to avoid common programming errors, improves code readability by tying together the declaration and actual use of a variable, and improves maintainability because unused variables are more easily detected and removed.
This noncompliant code example shows a variable that is declared outside the for loop. This reduces reusability because the value of the loop index i will have changed after the for statement. Consider for instance, the case when this code snippet is copied and pasted with the intent to use a different index j. If index variable change is omitted, the new loop would then attempt to iterate over index i. Unexpected behavior may follow because i remains in scope.
| 
public class Scope {
  public static void main(String[] args) {
    int i = 0;
    for(i = 0; i < 10; i++) {
      // Do operations
    }
  }
}
 | 
Minimize the scope of variables where possible, for example by declaring loop indexes within the for statement.  
| 
public class Scope {
  public static void main(String[] args) {
    for(int i = 0; i < 10; i++) { //contains declaration
      // Do operations
    }
  }
}
 | 
Additionally, methods should be designed to perform only one operation if possible. This reduces the need for variables existing in overlapping scopes and consequently, helps prevent errors.
Using a larger scope than what is necessary results in less reliable code.
| Guideline | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| SCP00-J | low | unlikely | medium | P2 | L3 | 
Detecting local variables that are declared in a larger scope than is required by the as-written code is straightforward, and can avoid any possibility of false positives.
Detecting multiple for statements that use the same index variable is straightforward; it will produce false positives in the unusual case where this was intended by the programmer.
This guideline appears in the C Secure Coding Standard as DCL19-C. Use as minimal a scope as possible for all variables and functions.
This guideline appears in the C++ Secure Coding Standard as DCL07-CPP. Use as minimal scope as possible for all variables and methods.
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
| \[[Bloch 2001|AA. Bibliography#Bloch 01]\] Item 29, Minimize the scope of local variables \[[JLS 2005|AA. Bibliography#JLS 05]\] [Section 14.4.2, Scope of Local Variable Declarations|http://java.sun.com/docs/books/jls/third_edition/html/statements.html#14.4.2] | 
05. Scope (SCP) 05. Scope (SCP) SCP01-J. Do not increase the accessibility of overridden or hidden methods