Java language enumeration types have an `ordinal()` method, which returns the numerical position of each enumeration constant in its class declaration.
The _Java Language Specification_ [JLS 2005], §8.9, "Enums", does not specify the use of `ordinal()` in programs. However, using the `ordinal()` method to derive the value associated with an enum constant is error-prone and should be avoided.
According to the Java API [API 2006], `public final int ordinal()`:
> Returns the ordinal of the enumeration constant (its position in its enum declaration, where the initial constant is assigned an ordinal of zero). Most programmers will have no use for this method. It is designed for use by sophisticated enum-based data structures, such as `EnumSet` and `EnumMap`.
This noncompliant code example declares enum `Hydrocarbon` and uses its `ordinal()` method to provide the result of the `getNumberOfCarbons()` method.

```java
enum Hydrocarbon {
  METHANE, ETHANE, PROPANE, BUTANE, PENTANE,
  HEXANE, HEPTANE, OCTANE, NONANE, DECANE;

  public int getNumberOfCarbons() {
    return ordinal() + 1;
  }
}
```
Although this noncompliant code example works, it is fragile under maintenance. If the enum constants were reordered, the `getNumberOfCarbons()` method would return incorrect values. Also, `BENZENE`, which also has 6 carbons, cannot be added without violating the current enum design.
In this compliant solution, enum constants are explicitly associated with the corresponding integer values for the number of carbon atoms they contain.

```java
enum Hydrocarbon {
  METHANE(1), ETHANE(2), PROPANE(3), BUTANE(4), PENTANE(5),
  HEXANE(6), HEPTANE(7), OCTANE(8), NONANE(9), DECANE(10);

  private final int numberOfCarbons;

  Hydrocarbon(int carbons) {
    this.numberOfCarbons = carbons;
  }

  public int getNumberOfCarbons() {
    return numberOfCarbons;
  }
}
```
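
The following added example (not part of the original guideline) applies the compliant design to a declaration that is deliberately out of carbon order and includes `BENZENE`, printing the explicit value beside the value the ordinal-based approach would produce. The class name `HydrocarbonDemo` and the methods `ordinalBasedCarbons()` and `withCarbons()` are hypothetical names introduced for illustration.

```java
import java.util.EnumSet;
import java.util.Set;

public class HydrocarbonDemo {

    // Constants deliberately listed out of carbon order, with BENZENE added:
    // the explicit field, not the declaration position, carries the value.
    enum Hydrocarbon {
        BENZENE(6), METHANE(1), HEXANE(6), ETHANE(2), PROPANE(3);

        private final int numberOfCarbons;

        Hydrocarbon(int carbons) {
            this.numberOfCarbons = carbons;
        }

        public int getNumberOfCarbons() {
            return numberOfCarbons;
        }

        // What the noncompliant version would report for this declaration order.
        int ordinalBasedCarbons() {
            return ordinal() + 1;
        }

        // Hypothetical reverse lookup; several constants may share one count.
        static Set<Hydrocarbon> withCarbons(int n) {
            Set<Hydrocarbon> result = EnumSet.noneOf(Hydrocarbon.class);
            for (Hydrocarbon h : values()) {
                if (h.numberOfCarbons == n) {
                    result.add(h);
                }
            }
            return result;
        }
    }

    public static void main(String[] args) {
        for (Hydrocarbon h : Hydrocarbon.values()) {
            System.out.printf("%-8s explicit=%d ordinal-derived=%d%n",
                    h, h.getNumberOfCarbons(), h.ordinalBasedCarbons());
        }
        System.out.println("6 carbons: " + Hydrocarbon.withCarbons(6));
    }
}
```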
Use of ordinals to derive integer values reduces the program's maintainability and can lead to errors in the program.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| DCL03-J | low | probable | medium | P4 | L3 |
C Secure Coding Standard: "INT09-C. Ensure enumeration constants map to unique values"
C++ Secure Coding Standard: "INT09-CPP. Ensure enumeration constants map to unique values"
[JLS 2005] §8.9, "Enums", http://java.sun.com/docs/books/jls/third_edition/html/classes.html#8.9
[API 2006] Enum, http://download.oracle.com/javase/6/docs/api/java/lang/Enum.html