...
Sound automated detection appears to be infeasible in the general case. Heuristic approaches could be useful.
Related Guidelines

| CWE ID 374, "Passing Mutable Objects to an Untrusted Method" |
| CWE ID 375, "Returning a Mutable Object to an Untrusted Caller" |
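The two CWE entries above describe the same defect from both directions: a class that stores a caller-supplied mutable object without copying it (CWE-374) or hands its own mutable field to a caller (CWE-375) lets code outside the class rewrite the class's state and break its invariants. The following example is added here to illustrate that; it is not code from the CERT page. The class names `LeakyPeriod`, `Period` and `DefensiveCopyDemo` are constructed for this illustration, and `java.util.Date` is used only because it is a familiar mutable JDK type.

```java
import java.util.Date;

// Vulnerable pattern: the caller's Date objects are stored directly (CWE-374)
// and the internal Date is returned directly (CWE-375). Either reference lets
// outside code change the period after construction.
final class LeakyPeriod {
    private final Date start;
    private final Date end;

    LeakyPeriod(Date start, Date end) {
        if (start.after(end)) {
            throw new IllegalArgumentException("start must not be after end");
        }
        this.start = start; // same object the caller still holds
        this.end = end;
    }

    Date getEnd() {
        return end; // hands out the internal object itself
    }
}

// Hardened pattern: copy on the way in and on the way out, so no reference
// to internal mutable state ever escapes the class.
final class Period {
    private final Date start;
    private final Date end;

    Period(Date start, Date end) {
        // Copy first, then validate the copies: validating the caller's
        // objects would leave a window in which the caller could change
        // them between the check and the store.
        this.start = new Date(start.getTime());
        this.end = new Date(end.getTime());
        if (this.start.after(this.end)) {
            throw new IllegalArgumentException("start must not be after end");
        }
    }

    Date getEnd() {
        return new Date(end.getTime()); // fresh copy for every caller
    }
}

public class DefensiveCopyDemo {
    public static void main(String[] args) {
        Date s = new Date(0);
        Date e = new Date(1000);

        LeakyPeriod leaky = new LeakyPeriod(s, e);
        leaky.getEnd().setTime(-1);            // mutates the object inside LeakyPeriod
        System.out.println("leaky: end now before start? "
                + leaky.getEnd().before(s));   // true: invariant violated

        Period safe = new Period(s, e);
        safe.getEnd().setTime(-1);             // mutates only the returned copy
        e.setTime(-1);                         // mutating the original argument has no effect either
        System.out.println("safe: end = " + safe.getEnd().getTime()); // 1000
    }
}
```

The copies are made with the `Date(long)` constructor rather than `clone()`: `java.util.Date` is not final, so a caller could pass a subclass whose overridden `clone()` returns the original object or retains a reference to it. The same copy-in, copy-out discipline applies to arrays, collections and any other mutable type held as a field.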
...
...