...
Calling overridable methods on the clone under construction can expose class internals to malicious code or violate class invariants by exposing the clone to trusted code in a partially initialized state, affording the opportunity to corrupt the state of the clone, the object being cloned, or both.
| Rule | Severity | Likelihood | Detectable | Repairable | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|---|---|
| MET06-J | Medium | Probable | Yes | No | Low | P12 / P8 | L1 / L2 |
Automated Detection
Automated detection is straightforward.
| Tool | Version | Checker | Description |
|---|---|---|---|
| Parasoft Jtest | | CERT.MET06.CLONE | Make your 'clone()' method "final" for security |
| SpotBugs | | MC_OVERRIDABLE_METHOD_CALL_IN_CLONE | Implemented (since 4.5.0) |
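The hazard described above, as an added illustration that is not code from the CERT page: a clone() that invokes an overridable hook before it has finished deep-copying its mutable state, beside a compliant form whose hook is final. Class and method names (CloneExample, Hostile, SafeExample, init) are illustrative.

```java
import java.util.Date;

// Noncompliant: clone() calls an overridable method while the copy is only
// partially built (the Date is still shared with the original).
class CloneExample implements Cloneable {
    Date created = new Date(0);

    @Override
    public CloneExample clone() throws CloneNotSupportedException {
        CloneExample copy = (CloneExample) super.clone(); // shallow copy
        copy.init();                            // overridable call on the half-built clone
        copy.created = (Date) created.clone();  // deep copy only happens afterwards
        return copy;
    }

    void init() { }                             // overridable hook
}

// A subclass override runs against the partially initialized clone and,
// because 'created' is not yet copied, mutates the object being cloned too.
class Hostile extends CloneExample {
    @Override
    void init() {
        created.setTime(1);
    }
}

// Compliant: clone() invokes no overridable method; the hook is final and
// is called only after the clone's state is fully copied.
class SafeExample implements Cloneable {
    Date created = new Date(0);

    @Override
    public SafeExample clone() throws CloneNotSupportedException {
        SafeExample copy = (SafeExample) super.clone();
        copy.created = (Date) created.clone();
        copy.init();
        return copy;
    }

    final void init() { }
}

public class Met06Demo {
    public static void main(String[] args) throws CloneNotSupportedException {
        Hostile original = new Hostile();
        original.clone();
        // The original's Date was changed through the clone's init() call.
        System.out.println("original.created = " + original.created.getTime());
    }
}
```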
...