Malicious code vulnerability - May expose internal representation by returning reference to mutable object

Hi Everyone,

Normally this kind of violation occurs when you use a mutable object in a getter or setter.

Ideally you should not return a mutable object directly; instead, return a clone of that mutable object.

If you see this violation in your code, you can use the code below for your mutable object:

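If you are using Date:

import java.util.Date;

public class DateTest {
    private Date date;

    public DateTest() {
    }

    // Return a copy so callers cannot modify the internal Date
    public Date getDate() {
        return date == null ? null : (Date) date.clone();
    }

    // Store a copy so later changes to the caller's Date do not affect this object
    public void setDate(Date date) {
        this.date = date == null ? null : (Date) date.clone();
    }
}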


If you are using Array:

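// chkBox is a private String[] field of the enclosing class
public String[] getChkBox() {
    // Return a copy so callers cannot modify the internal array
    return chkBox == null ? null : (String[]) chkBox.clone();
}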
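To see what the warning protects against, here is an added example (not code from the original post) that puts a class returning its internal references beside one that copies on the way in and out. The class names ExposeRepDemo, ExposedSession and SafeSession and the sample values are hypothetical; it goes slightly beyond the post by copying the Date with new Date(getTime()) instead of clone().

```java
import java.util.Arrays;
import java.util.Date;

public class ExposeRepDemo {
    // Exposed: stores and returns the same references the caller holds.
    static class ExposedSession {
        private final Date expires;
        private final String[] roles;
        ExposedSession(Date expires, String[] roles) { this.expires = expires; this.roles = roles; }
        Date getExpires() { return expires; }
        String[] getRoles() { return roles; }
        boolean isExpired(Date now) { return !now.before(expires); }
    }

    // Hardened: defensive copies in the constructor and in every getter.
    static class SafeSession {
        private final Date expires;
        private final String[] roles;
        SafeSession(Date expires, String[] roles) {
            // Date is not final, so clone() on a caller-supplied object could run a
            // subclass override; the copy constructor always yields a plain Date.
            this.expires = new Date(expires.getTime());
            this.roles = Arrays.copyOf(roles, roles.length);
        }
        Date getExpires() { return new Date(expires.getTime()); }
        String[] getRoles() { return roles.clone(); }
        boolean isExpired(Date now) { return !now.before(expires); }
    }

    public static void main(String[] args) {
        Date now = new Date(1_000_000L);   // constructed sample values
        Date past = new Date(500_000L);

        ExposedSession weak = new ExposedSession(new Date(past.getTime()), new String[] {"user"});
        weak.getExpires().setTime(Long.MAX_VALUE);   // caller rewrites internal state
        weak.getRoles()[0] = "admin";
        System.out.println("exposed: expired=" + weak.isExpired(now)
                + " roles=" + Arrays.toString(weak.getRoles()));

        SafeSession safe = new SafeSession(new Date(past.getTime()), new String[] {"user"});
        safe.getExpires().setTime(Long.MAX_VALUE);   // only the returned copy changes
        safe.getRoles()[0] = "admin";
        System.out.println("safe: expired=" + safe.isExpired(now)
                + " roles=" + Arrays.toString(safe.getRoles()));
    }
}
```

A shallow array copy is enough here because String is immutable; an array of mutable elements needs each element copied as well.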

1 comment

  1. The clone() method for arrays contemplates null cases; for dates, null cases are not contemplated.
