(2) Else pay attention to the problem.
It is generally thought that if the IF statement is only one sentence, then {} is not to be. However, if there is any else nesting, it is not the same, {} is required
Error Example:
if (I < 5)
if (I < 2)
i++;
Else
i--;
After modification:
if (I < 5) {
if (I < 2)
i++;
}
else {
i--;
}
(3) No more catch () No code in the block
It is a good practice to put some error-handling code inside the catch () block. But if the catch () has code for Javadoc, that's OK.
Error Example:
try {
System.in.read ();
catch (Java.io.IOException e) {
Error
}
That's right:
try {
System.in.read ();
catch (Java.io.IOException e) {
SYSTEM.OUT.PRINTLN ("descriptive error");
}
Reference: Joshua Bloch: "Effective java-programming Language Guide".
Addison-wesley, 2001, pp. 187
(4) Do not enclose the value in the IF condition
If you do this, the system will report an error. It is unwise to use attached values in many Java conditional declarations, and the system also reports errors. can easily cause an exception. Compliance with the regulations can make maintenance simple and avoid inconsistencies.
Error Example:
if (b = true)
The correct:
if (b = = true)
Reference: Section 10.4 of http://java.sun.com/docs/codeconv/html/CodeConventions.doc9.html#547
(5) The For statement requires a loop body.
If {} is not, the For statement is only executed once!
Error Example:
for (i = 0; i < i++);
System.out.println (i);
Here print () is only performed once.
That's right:
for (i = 0; i < i++) {//FIXED
System.out.println (i);
}
(5) Do not define the method as main ().
In Java, the main () method is a special method. So do not define a method in the definition of such a name, so as not to cause mixed disturbances.
(6) Do not directly or indirectly define the ' Error ' and ' throwable ' subclasses
The ' Java.lang.Error ' overrides this method only when the JVM is abnormal, and if you define the class ' error ' by the direct or indirect class, it is pointed out that the error is internal to the JVM, not the class. So it's not visible to the Java compiler, so you can't check for incorrect exception handling.
' Java.lang.Throwable ' is ' Java.lang '. Exception ' and ' Java.lang.Error ' superior class, the user should inherit ' Java.lang if it is defined as an exception class. Exception '.
Example of an error: public class ABC extends error
Correct: public class ABC extends Exception
(7) The "case" problem in the "switch" statement
It is best to define a "return" or "break" in each "case" to control not to go to the "case" below. If a "case" statement does not have a "break" or "return" sentence at the end of the code, the program will go to the next. If this "case" is the last one, then there is no problem, and if there is a "case" behind it, it looks less secure.
Error Example:
switch (i) {
Case 1:
x = 10;
Break
Case 2:
x = 20;
Default
A = 40;
Break
That's right:
switch (i) {
Case 1:
x = 10;
Break
Case 2://violation
x = 20;
Break
Default
x = 40;
Break
(8) Do not recommend the use of ' system.getenv () '
It's not recommended to use ' system.getenv () ', which looks good, but not all systems have environment variables. Not using this method can also bring some inconvenience.
Error Example:
void method (String name) {
SYSTEM.GETENV (name); There are other ways to replace
}
If this method is not used, we can substitute it in other ways. For example: ' System.getproperty () ', ' gettypename () ', etc., this can also find the Java System Properties.
Reference: David Flanagan: "Java in a Nutshell". O ' Reilly
November, 1999:third Edition, pp.190-192
(9) Do not use ' \ n ' or ' \ R ' to branch
These two tags seem to be common, especially ' \ n '. We often use it as a branch. But different systems use different branch characters, so these characters violate Java platform independence in some sense.
Error Example:
System.out.println ("hello\n" + name);
We can substitute some other methods, such as println (), which play the same role on different system platforms. The latter recommends that everyone use this method: System.getproperty ("Line.separator")
Reference: David Flanagan: "Java in a Nutshell". O ' Reilly,
November 1999:third Edition, pp. 191-192
(10) Make all the inner classes "private".
Java allows a class to contain another class, with Java byte code without this concept. Class is interpreted by the compiler as a package-private class. In a deeper sense, any internal private object that contains a class can be accessed by an internal class, as well as by other classes within the same package.
Error Example:
public class INNER {
Class Inner_class {
void SetValue (int i) {
_value = i; Now the package will be accessible.
}
}
private int _value;
}
So you need to add private class Inner_class
Reference: Statically scanning Java code:finding security vulnerabilities.
John Viega, Gary McGraw, Tom Mutdosch, and Edward W. Felten
IEEE SOFTWARE September/october 2000
(11) Do not serialize the interface
If a byte array contains a serialized object. The attacker would be able to read the internal state of the object in the field (including private).
Error Example:
Public interface Sample extends Java.io.Serializable
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
