...
Calling overridable methods on the clone under construction can expose class internals to malicious code, or can violate class invariants by exposing the clone to trusted code in a partially initialized state. Either case affords the opportunity to corrupt the state of the clone, the object being cloned, or both.
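The following is an added illustration of this rule; it is not the page's own noncompliant/compliant example, and the class names (`CloneDemo`, `Noncompliant`, `Observer`, `Compliant`) and the `init()` hook are hypothetical. In the noncompliant class, `clone()` invokes an overridable `init()` on the copy before the deep copy of `data` has been made, so a subclass override runs while the copy still shares its array with the original and can corrupt the original's state. The compliant class completes the copy first and only calls a non-overridable (private) method, and additionally declares `clone()` final, which is the property the Parasoft checker listed below enforces.

```java
import java.util.Arrays;

public class CloneDemo {

    // Noncompliant (constructed example): clone() calls the overridable init()
    // while the copy is only partially initialized (data still shared).
    static class Noncompliant implements Cloneable {
        protected int[] data = {1, 2, 3};

        @Override
        public Object clone() throws CloneNotSupportedException {
            Noncompliant copy = (Noncompliant) super.clone();
            copy.init();                    // overridable hook runs on the half-built clone
            copy.data = copy.data.clone();  // deep copy happens only after the hook
            return copy;
        }

        protected void init() { }           // overridable: subclasses can change it
    }

    // Hypothetical subclass: its override observes the partially initialized clone.
    // Because copy.data is still the original's array at this point, writing to it
    // corrupts the object being cloned, not just the clone.
    static class Observer extends Noncompliant {
        @Override
        protected void init() {
            data[0] = 99;
        }
    }

    // Compliant (constructed example): clone() is final, finishes the deep copy
    // first, and calls only a private (non-overridable) helper afterwards.
    static class Compliant implements Cloneable {
        protected int[] data = {1, 2, 3};

        @Override
        public final Object clone() throws CloneNotSupportedException {
            Compliant copy = (Compliant) super.clone();
            copy.data = copy.data.clone();  // invariants restored before any other work
            copy.init();                    // private: no subclass can intercept it
            return copy;
        }

        private void init() { }
    }

    public static void main(String[] args) throws CloneNotSupportedException {
        Observer original = new Observer();
        Observer copy = (Observer) original.clone();
        // The override ran while data was shared, so the ORIGINAL now reads [99, 2, 3].
        System.out.println("noncompliant original: " + Arrays.toString(original.data));
        System.out.println("noncompliant copy:     " + Arrays.toString(copy.data));

        Compliant safeOriginal = new Compliant();
        Compliant safeCopy = (Compliant) safeOriginal.clone();
        safeCopy.data[0] = 42;              // mutating the copy no longer touches the original
        System.out.println("compliant original:    " + Arrays.toString(safeOriginal.data));
        System.out.println("compliant copy:        " + Arrays.toString(safeCopy.data));
    }
}
```

Running the class shows the noncompliant original array altered by the subclass hook, while the compliant original is unaffected by writes to its copy; the defensive pattern is to complete all state copying before calling any method, and to call only private or final methods from `clone()`.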
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MET06-J | Medium | Probable | Low | P12 | L1 |
Automated Detection
Automated detection is straightforward.
| Tool | Version | Checker | Description |
|---|---|---|---|
| Parasoft Jtest | | SECURITY.WSC.CLONE | Make your 'clone()' method "final" for security |
Bibliography
Item 11, "Override
...
...