JavaRanch » Java Forums » Engineering » Security
Java Coding Guidelines Question

Stuie Clarky
Ranch Hand

Joined: Nov 09, 2012
Posts: 73

Hi to all the authors

I would like to know that if there was a single thing you could get developers to do that would have the greatest impact on improving the level and quality of security, what would it be? Was there a common recurring factor that kept resurfacing, either during writing the book or that you have seen professionally, that became a real 'bash-head-into-keyboard' moment for you?

Best of luck with the book, will be adding it to my reading list

Cheers,
S


OCAJP 7
David Svoboda
Author
Greenhorn

Joined: Oct 21, 2013
Posts: 13
    
    5

I'd say the biggest thing would be that methods should throw exceptions rather than return error values. Java does this under many circumstances, but not all.


For example, many of the File methods, such as File.mkdir(), return a boolean indicating success. An all-too-common error is for code to call File.mkdir(), ignore the result, and then proceed to work with that directory. If mkdir() fails for some reason, then future code would misbehave. If you're lucky, you'll get an IOException somewhere, but not at mkdir(), where the failure really occurred.
We address this more fully in FIO02-J. Detect and handle file-related errors from our first book.



The best advice I can give then is: if your method might fail, and the failure might affect anyone who calls your function, then throw an exception. They can catch it if they don't care about failure.


[Java Coding Guidelines] and [The CERT Oracle Secure Coding Standard for Java ] are from the [CERT Secure Coding Initiative]
Dhruv Mohindra
Author
Greenhorn

Joined: Dec 08, 2009
Posts: 11
    
    5
Hi Stuie,
Stuie Clarky wrote:
I would like to know that if there was a single thing you could get developers to do that would have the greatest impact on improving the level and quality of security, what would it be?


In the absence of a dedicated in-house or third-party security program, the single best thing I recommend for a development team is to incorporate a peer code review process and appoint a "champion" developer who has the additional responsibility of ensuring that the code makes the cut. It's always good to run a suite of security tools that can catch the low-hanging fruit and let the security champion overhaul the overall awareness levels of the team through frequent knowledge-sharing sessions.


Was there a common recurring factor that kept resurfacing, either during writing the book or that you have seen professionally, that became a real 'bash-head-into-keyboard' moment for you?


It's always a challenge to code securely and get it right the first time. The bash-head moment occurs when any of our proposed secure solutions violates one of our own different guidelines, but luckily we can blame each other on those rare occasions.


You know what I did last summer - Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs.
Campbell Ritchie
Sheriff

Joined: Oct 13, 2005
Posts: 38087
    
  22
David Svoboda wrote: I'd say the biggest thing would be that methods should throw exceptions rather than return error values. . . .
If you have ever learnt any Eiffel™, you know that Eiffel™ methods have REQUIRE and ENSURE keywords, to enforce preconditions and postconditions. To use them you have to understand the concepts of class invariants and methods maintaining correctness.
Do you think returning default values as opposed to throwing Exceptions represents poor understanding of general Computer Science and maintaining the invariants?

We all know that C code tends to return or set error values and doesn't support exceptions (at least I think so). I also suspect that some of the older features of Java® (e.g. the names of methods in the Math class) are “borrowed” from C conventions. Is there any chance that methods like mkdir() are like that, being introduced without a complete understanding of Exceptions?

And now I have started asking naughty questions, is there a corresponding method in C#? Does that throw Exceptions in case of failure?
David Svoboda
Author
Greenhorn

Joined: Oct 21, 2013
Posts: 13
    
    5

I will suggest that exceptions are much preferable over returning default values (such as null). When a program exits from a library function, the library loses the ability to control what happens next. A function that detects an error could return a default value, or set some static error variable (such as C's errno), but code that calls the function is free to ignore the default value or error indicator, and happily assume the function succeeded. This has caused many vulnerabilities like this Flash exploit.

Java exceptions are a big win because they allow a library writer to divert control flow by throwing an exception. While caller code can catch and handle the exception (or even ignore it), this is not the default behavior. Novice programmers who invoke the library function without catching the exception will usually find their program terminated because they didn't handle an error condition.
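The following is an added example, not code from the thread, the CERT guidelines, or the authors. It puts David Svoboda's two points side by side: the File.mkdir() pattern from his earlier reply, where a dropped boolean lets a failure surface far from its cause, and the default-value pattern from this reply, where a null return (File.listFiles()) plays the role of a sentinel that callers are free to ignore. Each risky form is paired with a checked form and with the java.nio.file equivalent, which throws an IOException at the point of failure. The scratch directory, the blocking file and its contents are constructed for the demo; the class and method names are assumptions, and Files.writeString requires Java 11 or later.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.stream.Stream;

/**
 * Added example (not from the thread or the CERT guidelines): status codes and
 * null sentinels that callers can ignore, beside APIs that throw on failure.
 */
public class MkdirContrast {

    // Risky pattern: the boolean result of mkdir() is dropped. When the path is
    // already occupied by a regular file, mkdir() returns false, nothing stops,
    // and the failure only shows up when later code tries to use the "directory".
    static String riskyCreate(File dir) {
        dir.mkdir();                                   // return value ignored
        File out = new File(dir, "report.txt");
        try {
            Files.writeString(out.toPath(), "data");   // fails far from the cause
            return "wrote " + out;
        } catch (IOException e) {
            return "late failure: " + e;
        }
    }

    // Checked pattern: same boolean API, but a false result that does not
    // leave a directory behind is turned into an exception immediately.
    static Path checkedCreate(File dir) throws IOException {
        if (!dir.mkdir() && !dir.isDirectory()) {
            throw new IOException("could not create directory: " + dir);
        }
        return dir.toPath();
    }

    // Preferred pattern: Files.createDirectory throws (FileAlreadyExistsException
    // here), so a caller that does not handle the IOException is stopped at once.
    static Path nioCreate(Path dir) throws IOException {
        return Files.createDirectory(dir);
    }

    // Default-value pattern: File.listFiles() returns null when the path is not
    // a directory. Callers that assume an array hit a NullPointerException later;
    // callers that check it usually invent yet another sentinel (-1 below).
    static int riskyCount(File dir) {
        File[] entries = dir.listFiles();              // may be null
        return entries == null ? -1 : entries.length;
    }

    // Exception-throwing counterpart: Files.list throws NotDirectoryException,
    // so there is no sentinel value for the caller to forget to check.
    static long nioCount(Path dir) throws IOException {
        try (Stream<Path> entries = Files.list(dir)) {
            return entries.count();
        }
    }

    public static void main(String[] args) throws IOException {
        Path scratch = Files.createTempDirectory("mkdir-demo");
        // Constructed failure condition: a regular file already occupies the
        // path where the directory should go, so every attempt below must fail.
        Path blocker = scratch.resolve("blocked");
        Files.writeString(blocker, "a file, not a directory");

        System.out.println("risky mkdir:   " + riskyCreate(blocker.toFile()));
        try {
            checkedCreate(blocker.toFile());
        } catch (IOException e) {
            System.out.println("checked mkdir: " + e.getMessage());
        }
        try {
            nioCreate(blocker);
        } catch (IOException e) {
            System.out.println("nio mkdir:     " + e.getClass().getSimpleName() + ": " + e.getMessage());
        }

        System.out.println("risky list:    " + riskyCount(blocker.toFile()));
        try {
            nioCount(blocker);
        } catch (IOException e) {
            System.out.println("nio list:      " + e.getClass().getSimpleName() + ": " + e.getMessage());
        }
    }
}
```

Running it shows the risky branches reporting a "late failure" or a -1 sentinel after the fact, while the nio branches stop at the call that actually failed, with an exception type that names the cause. That is the difference being argued above: the caller of the nio method can still catch and ignore the exception, but ignoring it is a deliberate act rather than the default.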
Stuie Clarky
Ranch Hand

Joined: Nov 09, 2012
Posts: 73

Thanks for all the responses everyone

From what has been said, it sounds like the company I work for is not doing too badly. We do have a fairly rigorous peer review system in place (we are required to get a technical reviewer and a functional reviewer to both approve before the commit is allowed), although I feel the focus is more on the code adhering to 'the standards' rather than security. Historically our product is very stand alone with little outside world interaction, but this is now slowly changing so I guess security should become more prominent.

Thanks again everyone,

Stuie
Campbell Ritchie
Sheriff

Joined: Oct 13, 2005
Posts: 38087
    
  22
Do you think there would be a problem if your standalone program goes onto the web? If you have the sort of return‑null type of methods, do you have to change them to throw an Exception throughout? Particularly if those are checked Exceptions?
Stuie Clarky
Ranch Hand

Joined: Nov 09, 2012
Posts: 73

We are building functionality currently to allow for a cloud deployment (new customer wants it that way), so it will be very much out there once they go live. There is a lot of legacy stuff (~12 years old or so) that would really benefit from a beating with the refactor stick, but as to how much we can get into scope that is a different question...

Stuie
Campbell Ritchie
Sheriff

Joined: Oct 13, 2005
Posts: 38087
    
  22
Of course, 12 years ago nobody had envisaged the Cloud.
Stuie Clarky
Ranch Hand

Joined: Nov 09, 2012
Posts: 73

There are still parts in the bowels of the code base that were written pre Java 5
Campbell Ritchie
Sheriff

Joined: Oct 13, 2005
Posts: 38087
    
  22
It is only a few years since people discussed Java 1.3 code on this website. A lot of companies are scared to get rid of ten‑year‑old code in case the updating breaks the app.
Stuie Clarky
Ranch Hand

Joined: Nov 09, 2012
Posts: 73

Yeah, we are slowly managing to refactor it out where there is time and testing budget. Just makes me sad when you build the project and get 80-90k worth of compiler warnings