Page History

...

Creating a mutable class without providing copy functionality can result in the data of its instance becoming corrupted when the instance is passed to untrusted code.

Rule	Severity	Likelihood

Remediation Cost

Detectable	Repairable	Priority	Level
OBJ04-J	Low	Likely	No

Medium

No

P6

P3

L2

L3

Automated Detection

Sound automated detection is infeasible in the general case. Heuristic approaches could be useful.

Tool	Version	Checker	Description

CodeSonar

Coverity

4

7.

2

5

FB.

MALICIOUS_CODE.

EI_EXPOSE_

REP

REP2
FB

.MALICIOUS_CODE

.EI_EXPOSE_

REP2

May expose internal representation by returning reference to mutable object

May expose internal representation by incorporating reference to mutable object

REP

Implemented

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

SV.EXPOSE.RET
SV.EXPOSE.STORE

Coverity7.5

FB.EI_EXPOSE_REP2
FB.EI_EXPOSE_REP

Implemented

Parasoft Jtest

Include Page

java:

	Parasoft_V

java:

	Parasoft_V

SECURITY

CERT.

WSC

OBJ04.CLONE

, SECURITY

CERT.

EAB

OBJ04.CPCL

, SECURITY

CERT.

EAB

OBJ04.MPT

, SECURITY

CERT.

EAB

OBJ04.SMO

, OOP.MUCOP

CERT.OBJ04.MUCOP

Make your 'clone()' method "final" for security
Enforce returning a defensive copy in 'clone()' methods
Do not pass user-given mutable objects directly to certain types
Do not store user-given mutable objects directly into variables
Provide mutable classes with copy functionality

Related Guidelines

MITRE CWE	CWE-374, Passing Mutable Objects to an Untrusted Method CWE-375, Returning a Mutable Object to an Untrusted Caller
Secure Coding Guidelines for Java SE, Version 5.0	Guideline 6-4 / MUTABLE-4: Support copy functionality for a mutable class

Bibliography

[API 2014]	Method `clone()`
[Bloch 2008]	Item 39, "Make Defensive Copies When Needed" Item 11, "Override Clone Judiciously"
[Security 2006]

...

Space shortcuts

Page tree

Versions Compared

Old Version 149

New Version Current

Key

Automated Detection

Related Guidelines

Bibliography