org.sonar.l10n.java.rules.squid.S2384.html Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of java-checks Show documentation

There is a newer version: 8.6.0.37351


  Mutable objects are those whose state can be changed.
  For instance, an array is mutable, but a String is not.
  Mutable class members should never be returned to a caller or accepted and stored directly.
  Doing so leaves you vulnerable to unexpected changes in your class state.


  Instead, a copy of the mutable object should be made, and that copy should be stored or returned.


  This rule checks that arrays, collections and Dates are not stored or returned directly.


Noncompliant Code Example
class A {
  private String [] strings;

  public A () {
    strings = new String[]{"first", "second"};
  }

  public String [] getStrings() {
    return strings; // Noncompliant
  }

  public void setStrings(String [] strings) {
    this.strings = strings;  // Noncompliant
  }
}

public class B {

  private A a = new A();  // At this point a.strings = {"first", "second"};

  public void wreakHavoc() {
    a.getStrings()[0] = "yellow";  // a.strings = {"yellow", "second"};
  }
}


Compliant Solution
class A {
  private String [] strings;

  public A () {
    strings = new String[]{"first", "second"};
  }

  public String [] getStrings() {
    return strings.clone();
  }

  public void setStrings(String [] strings) {
    this.strings = strings.clone();
  }
}

public class B {

  private A a = new A();  // At this point a.strings = {"first", "second"};

  public void wreakHavoc() {
    a.getStrings()[0] = "yellow";  // a.strings = {"first", "second"};
  }
}


See

  MITRE, CWE-374 - Passing Mutable Objects to an Untrusted Method
  MITRE, CWE-375 - Returning a Mutable Object ot an Untrusted Caller
  CERT, OBJ05-J - Defensively copy private mutable class members before returning their references