Java Developer Tools

Audit - Rules - Semantic Errors

Description
This group contains audit rules that report coding practices that often indicate that the code will not perform the way the programmer might expect.

Rules:

Details

Container Should Not Contain Itself As Element

Summary
Re-adding the objects in a container to its own contents is usually a typo that could result in unpredictable behaviour of the code.

Description
This audit rule flags container storing operations such as addAll() or removeAll() when they are invoked with the same container as an argument.

Security Implications
Such an invocation is usually a typo that indicates a plain error in the logic of the code. The code will not function as expected, and in security-sensitive areas the result could be anything from denial of service to data leaks.

Example
The following method is supposed to remove all banned users from the given list of users trying to access secure data, but it will fail because of the typo; this typo would thus be marked as a violation:

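    protected void filterBannedUsers(List allUsers) {
        // Collect the users that must be removed from the access list.
        List bannedUsers = new ArrayList();
        for (Iterator i = allUsers.iterator(); i.hasNext();) {
            User user = (User) i.next();
            if (isBanned(user)) {
                bannedUsers.add(user);
            }
        }
        // Typo flagged by this rule: the list is passed to its own
        // removeAll() where bannedUsers was intended.
        allUsers.removeAll(allUsers);
    }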
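
The flagged call beside its corrected form, as an added example that is not part of the original documentation. The class name, the use of plain strings for users and the prefix-based isBanned() are assumptions made so the program runs stand-alone; the sample data is constructed.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class SelfContainerDemo {
    // Hypothetical stand-in for the page's isBanned(user) check.
    static boolean isBanned(String user) {
        return user.startsWith("banned-");
    }

    static List<String> collectBanned(List<String> allUsers) {
        List<String> bannedUsers = new ArrayList<>();
        for (String user : allUsers) {
            if (isBanned(user)) {
                bannedUsers.add(user);
            }
        }
        return bannedUsers;
    }

    // Flagged form: the list is passed to its own removeAll().
    static List<String> filterFlagged(List<String> allUsers) {
        List<String> bannedUsers = collectBanned(allUsers);
        allUsers.removeAll(allUsers); // typo: removes every user, bannedUsers is never used
        return allUsers;
    }

    // Corrected form: only the collected banned users are removed.
    static List<String> filterCorrected(List<String> allUsers) {
        List<String> bannedUsers = collectBanned(allUsers);
        allUsers.removeAll(bannedUsers);
        return allUsers;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        List<String> sample = Arrays.asList("alice", "banned-bob", "carol");

        System.out.println("flagged:   " + filterFlagged(new ArrayList<>(sample)));
        System.out.println("corrected: " + filterCorrected(new ArrayList<>(sample)));

        // addAll() with the same list is flagged too: every entry is duplicated.
        List<String> grants = new ArrayList<>(sample);
        grants.addAll(grants);
        System.out.println("addAll(self): " + grants);
    }
}
```

In the flagged form the caller receives an empty list, so legitimate users are dropped along with banned ones, which is the denial-of-service outcome the rule warns about.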

Null Pointer Dereference
