Audit - Rules - Semantic Errors

This group contains audit rules that report coding practices that often indicate that the code will not perform the way the program might expect.



Container Should Not Contain Itself As Element

Re-adding objects in a container to its contents is usually a typo which could result in an inpredicted behaviour of a code.

This audit rule violates container storing operations such as addAll() or removeAll() when they are invoked with the same container as an argument.

Security Implications
Such invocation is usually a typo which indicates a plain error in a logic of the code. Such code will not function as expected and could result in any security threat from Denial of Service to data leaks when used in security-sensitive areas.

The following method is supposed to remove all banned users from the given list of users trying to access secure data but will fail because of the typo; this typo would thus be marked as violation:

    protected void filterBannedUsers(List allUsers) {
        List bannedUsers = new ArrayList();
        for (Iterator i = allUsers.iterator(); i.hasNext();) {
            User user = (User);
            if (isBanned(user)) {

Null Pointer Dereference