commons-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jcar...@apache.org
Subject svn commit: r1349099 - in /commons/proper/proxy/branches/version-2.0-work: cglib/src/main/java/org/apache/commons/proxy2/cglib/ core/src/main/java/org/apache/commons/proxy2/invoker/ javassist/src/main/java/org/apache/commons/proxy2/javassist/
Date Tue, 12 Jun 2012 02:46:50 GMT
Author: jcarman
Date: Tue Jun 12 02:46:49 2012
New Revision: 1349099

URL: http://svn.apache.org/viewvc?rev=1349099&view=rev
Log:
Removing direct array stores.  Security issue (reported by Sonar).

Modified:
    commons/proper/proxy/branches/version-2.0-work/cglib/src/main/java/org/apache/commons/proxy2/cglib/CglibProxyFactory.java
    commons/proper/proxy/branches/version-2.0-work/core/src/main/java/org/apache/commons/proxy2/invoker/RecordedInvocation.java
    commons/proper/proxy/branches/version-2.0-work/javassist/src/main/java/org/apache/commons/proxy2/javassist/JavassistInvocation.java

Modified: commons/proper/proxy/branches/version-2.0-work/cglib/src/main/java/org/apache/commons/proxy2/cglib/CglibProxyFactory.java
URL: http://svn.apache.org/viewvc/commons/proper/proxy/branches/version-2.0-work/cglib/src/main/java/org/apache/commons/proxy2/cglib/CglibProxyFactory.java?rev=1349099&r1=1349098&r2=1349099&view=diff
==============================================================================
--- commons/proper/proxy/branches/version-2.0-work/cglib/src/main/java/org/apache/commons/proxy2/cglib/CglibProxyFactory.java
(original)
+++ commons/proper/proxy/branches/version-2.0-work/cglib/src/main/java/org/apache/commons/proxy2/cglib/CglibProxyFactory.java
Tue Jun 12 02:46:49 2012
@@ -23,6 +23,7 @@ import net.sf.cglib.proxy.Dispatcher;
 import net.sf.cglib.proxy.Enhancer;
 import net.sf.cglib.proxy.MethodInterceptor;
 import net.sf.cglib.proxy.MethodProxy;
+import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.proxy2.Interceptor;
 import org.apache.commons.proxy2.Invocation;
 import org.apache.commons.proxy2.Invoker;
@@ -195,7 +196,7 @@ public class CglibProxyFactory extends A
             this.target = target;
             this.method = method;
             this.methodProxy = methodProxy;
-            this.args = args;
+            this.args = ArrayUtils.clone(args);
         }
 
         public Method getMethod()

Modified: commons/proper/proxy/branches/version-2.0-work/core/src/main/java/org/apache/commons/proxy2/invoker/RecordedInvocation.java
URL: http://svn.apache.org/viewvc/commons/proper/proxy/branches/version-2.0-work/core/src/main/java/org/apache/commons/proxy2/invoker/RecordedInvocation.java?rev=1349099&r1=1349098&r2=1349099&view=diff
==============================================================================
--- commons/proper/proxy/branches/version-2.0-work/core/src/main/java/org/apache/commons/proxy2/invoker/RecordedInvocation.java
(original)
+++ commons/proper/proxy/branches/version-2.0-work/core/src/main/java/org/apache/commons/proxy2/invoker/RecordedInvocation.java
Tue Jun 12 02:46:49 2012
@@ -17,6 +17,7 @@
 
 package org.apache.commons.proxy2.invoker;
 
+import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.proxy2.ProxyUtils;
 
 import java.lang.reflect.Method;
@@ -46,7 +47,7 @@ public class RecordedInvocation
     public RecordedInvocation( Method invokedMethod, Object[] arguments )
     {
         this.invokedMethod = invokedMethod;
-        this.arguments = arguments;
+        this.arguments = ArrayUtils.clone(arguments);
     }
 
   //**********************************************************************************************************************

Modified: commons/proper/proxy/branches/version-2.0-work/javassist/src/main/java/org/apache/commons/proxy2/javassist/JavassistInvocation.java
URL: http://svn.apache.org/viewvc/commons/proper/proxy/branches/version-2.0-work/javassist/src/main/java/org/apache/commons/proxy2/javassist/JavassistInvocation.java?rev=1349099&r1=1349098&r2=1349099&view=diff
==============================================================================
--- commons/proper/proxy/branches/version-2.0-work/javassist/src/main/java/org/apache/commons/proxy2/javassist/JavassistInvocation.java
(original)
+++ commons/proper/proxy/branches/version-2.0-work/javassist/src/main/java/org/apache/commons/proxy2/javassist/JavassistInvocation.java
Tue Jun 12 02:46:49 2012
@@ -21,6 +21,7 @@ import javassist.CannotCompileException;
 import javassist.CtClass;
 import javassist.CtConstructor;
 import javassist.CtMethod;
+import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.proxy2.Invocation;
 import org.apache.commons.proxy2.ProxyUtils;
 
@@ -204,7 +205,7 @@ public abstract class JavassistInvocatio
     {
         this.method = method;
         this.target = target;
-        this.arguments = arguments;
+        this.arguments = ArrayUtils.clone(arguments);
     }
 
 //**********************************************************************************************************************



Mime
View raw message