SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 151

changes.mady.by.user Michal Rozenau

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM cost reform

...

Creating a mutable class without providing copy functionality can result in the data of its instance becoming corrupted when the instance is passed to untrusted code.

Rule

Severity

Likelihood

Detectable

RepairableRemediation Cost

Priority

Level

OBJ04-J

Low

Likely

No

NoMedium

P6P3

L2L3

Automated Detection

Sound automated detection is infeasible in the general case. Heuristic approaches could be useful.

Implemented
Tool
Version
Checker
Description
CodeSonarCoverity47.25

FB.MALICIOUS_CODE.EI_EXPOSE_REPREP2
FB.MALICIOUS_CODE.EI_EXPOSE_REP2

May expose internal representation by returning reference to mutable object

May expose internal representation by incorporating reference to mutable object

Coverity7.5

FB.EI_EXPOSE_REP2
FB.EI_EXPOSE_REP

REP

Implemented
Klocwork

Include Page
Klocwork_V
Klocwork_V

SV.EXPOSE.RET
SV.EXPOSE.STORE
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CERT.OBJ04.CLONE
CERT.OBJ04.CPCL
CERT.OBJ04.MPT
CERT.OBJ04.SMO
CERT.OBJ04.MUCOP		Make your 'clone()' method "final" for security
Enforce returning a defensive copy in 'clone()' methods
Do not pass user-given mutable objects directly to certain types
Do not store user-given mutable objects directly into variables
Provide mutable classes with copy functionality

Related Guidelines

MITRE CWE

CWE-374, Passing Mutable Objects to an Untrusted Method
CWE-375, Returning a Mutable Object to an Untrusted Caller

Secure Coding Guidelines for Java SE, Version 5.0

Guideline 6-4 / MUTABLE-4: Support copy functionality for a mutable class

...