Applicability
Attackers frequently exploit file-related vulnerabilities to cause programs to access an unintended file. Proper file identification is necessary to prevent exploitation.
Bibliography
[API 2013] Class java.io.File; Interface java.nio.file.Path; Class java.nio.file.Files; Interface java.nio.file.attribute.BasicFileAttributes
[Long 2012] FIO00-J. Do not operate on files in shared directories
28. Do not attach significance to the ordinal associated with an enum
Java language enumeration types have an ordinal() method that returns the numerical position of each enumeration constant in its class declaration. According to the Java API, Class Enum<E extends Enum<E>> [API 2013], public final int ordinal() returns the ordinal of the enumeration constant (its position in its enum declaration, where the initial constant is assigned an ordinal of zero). Most programmers will have no use for this method. It is designed for use by sophisticated enum-based data structures, such as EnumSet and EnumMap.
The Java Language Specification (JLS), §8.9, “Enums” [JLS 2013], does not specify the use of ordinal() in programs. However, attaching external significance to the ordinal() value of an enum constant is error prone and should be avoided for defensive programming.
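As an added illustration (not the book's own code example, which follows below), the fragile ordinal-dependent pattern is shown next to the defensive form that stores the value explicitly; the constant names and carbon counts are assumed for the demonstration:

```java
import java.util.EnumMap;

public class OrdinalSignificance {
    // Fragile: the carbon count is derived from declaration position, so any
    // later insertion, removal or reordering of a constant silently changes it.
    enum OrdinalHydrocarbon {
        METHANE,
        ETHANE,
        ETHENE,   // constructed scenario: a later edit inserted this constant here
        PROPANE,
        BUTANE;

        int getNumberOfCarbons() {
            return ordinal() + 1; // attaches external meaning to ordinal()
        }
    }

    // Defensive: each constant carries its own value; declaration order is irrelevant.
    enum Hydrocarbon {
        METHANE(1), ETHANE(2), ETHENE(2), PROPANE(3), BUTANE(4);

        private final int numberOfCarbons;

        Hydrocarbon(int numberOfCarbons) {
            this.numberOfCarbons = numberOfCarbons;
        }

        int getNumberOfCarbons() {
            return numberOfCarbons;
        }
    }

    public static void main(String[] args) {
        // After the insertion of ETHENE, PROPANE.ordinal() is 3, so the fragile
        // enum reports 4 carbons for propane; the explicit field still reports 3.
        System.out.println("ordinal-based: " + OrdinalHydrocarbon.PROPANE.getNumberOfCarbons());
        System.out.println("field-based:   " + Hydrocarbon.PROPANE.getNumberOfCarbons());

        // ordinal() is used internally by EnumMap for indexing; the program itself
        // never has to inspect it to get correct behaviour.
        EnumMap<Hydrocarbon, String> formulas = new EnumMap<>(Hydrocarbon.class);
        formulas.put(Hydrocarbon.PROPANE, "C3H8");
        System.out.println("formula:       " + formulas.get(Hydrocarbon.PROPANE));
    }
}
```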
Noncompliant Code Example
This noncompliant code example declares enum Hydrocarbon and uses its ordinal() method to provide the result of the getNumberOfCarbons() method: