...
| Code Block | ||
|---|---|---|
| ||
class ReturnRef {
// ...
private Hashtable<Integer,String> getValues(){
return (Hashtable<Integer, String>)ht.clone(); // shallow copy
}
public static void main(String[] args) {
ReturnRef rr = new ReturnRef();
Hashtable<Integer,String> ht1 = rr.getValues(); // prints non sensitive data
ht1.remove(1); // untrusted caller can remove entries only from the copy
Hashtable<Integer,String> ht2 = rr.getValues(); // prints non sensitive data
}
}
|
If the When a hash table contained contains references to mutable data such as a series of Date objects, each of those objects must also be copied by using a copy constructor or method. For further details, refer to guidelines FIO00-J. Defensively copy mutable inputs and mutable internal components and OBJ10-J. Provide mutable classes with copy functionality to allow passing instances to untrusted code safely. Note that the keys of a hash table need not be deep copied; shallow copying of the references suffices because a hash table's contract dictates that it cannot hold duplicate keys.
...