Page History

...

Sound automated detection is infeasible; heuristic checks could be useful.

Related Vulnerabilities

Wiki MarkupPugh \ [[Pugh 2009|AA. References#Pugh 09]\] cites a vulnerability discovered by the Findbugs static analysis tool in the early betas of JDK 1.7 where the {{sun.security.x509.InvalidityDateExtension}} class returned a {{Date}} instance through a {{public}} accessor without creating defensive copies.

Related Guidelines

CERT C++ Secure Coding Standard	OOP35-CPP. Do not return references to private data.
MITRE CWE	CWE-375. Returning a mutable object to an untrusted caller

Bibliography

...

[[API 2006AA. References#API 06] ]
[Method `clone()`
http://java.sun.com/javase/6/docs/api/java/lang/Object.html#clone()]
]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ea7a1b1c-0bb2-4871-9d98-97495f319e2c"><ac:plain-text-body><![CDATA[
[ [Bloch 2008AA. References#Bloch 08] ]
Item 39. Make defensive copies when needed
]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="fe0b8ff4-143c-42b2-8b39-c07565af3a2a"><ac:plain-text-body><![CDATA[
[[Goetz 2006AA. References#Goetz 06]]
3.2, Publication and Escape: Allowing Internal Mutable State to Escape
]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="be05c590-6a3d-4f67-9cc7-aa00da7fbfe7"><ac:plain-text-body><![CDATA[
[ [Gong 2003AA. References#Gong 03] ]
9.4, Private Object State and Object Immutability ]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="883fb011-566c-403b-abc8-7c48bb0cbafa"><ac:plain-text-body><![CDATA [ [[Haggar 2000AA. References#Haggar 00]]
[Practical Java Praxis 64. Use clone for immutable objects when passing or receiving object references to mutable objectshttp://www.informit.com/articles/article.aspx?p=20530]
]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="12c2a235-7f20-438d-b312-cebebc286a04"><ac:plain-text-body><![CDATA[
[[Security 2006AA. References#Security 06]]
]]></ac:plain-text-body></ac:structured-macro>
...
04. Object Orientation (OBJ)

Space shortcuts

Page tree

Versions Compared

Old Version 99

New Version 100

Key

Related Vulnerabilities

Related Guidelines

Bibliography

[[API 2006AA. References#API 06] ]	[Method `clone()`	http://java.sun.com/javase/6/docs/api/java/lang/Object.html#clone()]
]]></ac:plain-text-body></ac:structured-macro>	<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ea7a1b1c-0bb2-4871-9d98-97495f319e2c"><ac:plain-text-body><![CDATA[	[ [Bloch 2008AA. References#Bloch 08] ]	Item 39. Make defensive copies when needed	]]></ac:plain-text-body></ac:structured-macro>	<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="fe0b8ff4-143c-42b2-8b39-c07565af3a2a"><ac:plain-text-body><![CDATA[
[[Goetz 2006AA. References#Goetz 06]]	3.2, Publication and Escape: Allowing Internal Mutable State to Escape	]]></ac:plain-text-body></ac:structured-macro>	<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="be05c590-6a3d-4f67-9cc7-aa00da7fbfe7"><ac:plain-text-body><![CDATA[
[ [Gong 2003AA. References#Gong 03] ]	9.4, Private Object State and Object Immutability ]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="883fb011-566c-403b-abc8-7c48bb0cbafa"><ac:plain-text-body><![CDATA [ [[Haggar 2000AA. References#Haggar 00]]	[Practical Java Praxis 64. Use clone for immutable objects when passing or receiving object references to mutable objectshttp://www.informit.com/articles/article.aspx?p=20530]	]]></ac:plain-text-body></ac:structured-macro>	<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="12c2a235-7f20-438d-b312-cebebc286a04"><ac:plain-text-body><![CDATA[
[[Security 2006AA. References#Security 06]]	]]></ac:plain-text-body></ac:structured-macro>