directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Felix Knecht <fe...@otego.com>
Subject Mutable Objects
Date Sat, 15 May 2010 09:02:53 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We do have mutable objects like Data/Arrays/Collections/... in getter
methods (e.g. [1]).

- From FindBugs:
"EI: May expose internal representation by returning reference to
mutable object (EI_EXPOSE_REP)

Returning a reference to a mutable object value stored in one of the
object's fields exposes the internal representation of the object.  If
instances are accessed by untrusted code, and unchecked changes to the
mutable object would compromise security or other important properties,
you will need to do something different. Returning a new copy of the
object is better approach in many situations."

I suggest to clone such data and return the clone instead.

WDYT?



[1]
http://people.apache.org/~felixk/shared-docs/xref/org/apache/directory/shared/asn1/ber/tlv/Value.html#153
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkvuYz0ACgkQ2lZVCB08qHH8HACeKOuK4AJT8ZGsZ2a550RQdOEk
Mv0AnRy5uqR0Ontu/KLBlzL+pe/6qqcn
=ZSDI
-----END PGP SIGNATURE-----

Mime
View raw message