...
| Code Block | ||
|---|---|---|
| ||
class UnmodifiableDateView extends Date {
private Date date;
public UnmodifiableDateView(Date date) {
this.date = date;
}
public void setTime(long date) {
throw new UnsupportedOperationException();
}
// Override all other mutator methods to throw UnsupportedOperationException
}
public final class MutableClass {
private Date date;
public MutableClass(Date d) {
this.date = d;
}
public void setDate(Date d) {
this.date = (Date) d.clone();
}
public UnmodifiableDateView getDate() {
return new UnmodifiableDateView(date);
}
}
|
Exceptions
OBJ08OBJ04-EX1: Sensitive classes should not be cloneable, per rule "OBJ03-J. Sensitive classes must not let themselves be copied."
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
OBJ08 OBJ04-J | low | likely | medium | P6 | L2 |
Automated Detection
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d5a4e3c028f2373c-f7f62d75-4b2d431b-8e7ca6cb-e5584c64d1f3c7c288375f96"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE-374 | http://cwe.mitre.org/data/definitions/374.html] "Passing Mutable Objects to an Untrusted Method" and [CWE-375 | http://cwe.mitre.org/data/definitions/375.html] "Returning a Mutable Object to an Untrusted Caller" | ]]></ac:plain-text-body></ac:structured-macro> |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="27f3ab7170bf4a92-76e9d296-41524deb-b1bd9bdf-6dee9b2841569e64ec298b4d"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | [method clone() | http://java.sun.com/javase/6/docs/api/java/lang/Object.html#clone()] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d787032e92c70d6a-5e7d20b0-4fcd40b8-bc2a83f6-83ccbe7e30c25275a488503d"><ac:plain-text-body><![CDATA[ | [[Bloch 2008 | AA. Bibliography#Bloch 08]] | Item 39: Make defensive copies when needed and Item 11: Override clone judiciously | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d7c2d10f0669e35e-1533f41d-4d994497-b698b948-cd024556e001518dbe2b25e6"><ac:plain-text-body><![CDATA[ | [[SCG 2007 | AA. Bibliography#SCG 07]] | Guideline 2-2 Support copy functionality for a mutable class | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="34c843f013e8b674-9d5d6220-47db4811-b9338cef-89c9677d6300bc55d653829d"><ac:plain-text-body><![CDATA[ | [[SCG 2009 | AA. Bibliography#SCG 09]] | Guideline 2-3 Support copy functionality for a mutable class | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0d7730832601cbb8-15310559-4f794888-ab8d9009-95a8ad47ce2c3fc412ec7672"><ac:plain-text-body><![CDATA[ | [[Security 2006 | AA. Bibliography#Security 06]] | ]]></ac:plain-text-body></ac:structured-macro> |
...