Java Reference
In-Depth Information
Parentheses may be omitted from mathematical expressions that follow the algebraic
precedence rules. For example, consider the following expression:
x + y * z
By mathematical convention, multiplication is performed before addition; parentheses
are redundant in this case:
x + (y * z)
Detection of all expressions using low-precedence operators without parentheses is
straightforward. Determining the correctness of such uses is infeasible in the general case,
although heuristic warnings could be useful.
Bibliography
[ESA 2005]
Rule 65, Use parentheses to explicitly indicate the order of execution of numerical operators
[Long 2012]
EXP05-J. Do not write more than once to the same variable within an expression
[Tutorials 2013]
Expressions, Statements, and Blocks
59. Do not make assumptions about file creation
Although creating a file is usually accomplished with a single method call, this single
action raises multiple security-related questions. What should be done if the file cannot be
created? What should be done if the file already exists? What should be the file's initial
attributes, such as permissions?
Java provides several generations of file-handling facilities. The original input/output
facilities, which included basic file handling, are in the package java.io. More
comprehensive facilities were included in JDK 1.4 with the New I/O package java.nio (see
New I/O APIs [Oracle 2010b]). Still more comprehensive facilities were included in JDK
1.7 with the New I/O 2 package java.nio.file. Both packages introduced a number of
methods to support finer-grained control over file creation.