This is the eighteenth installment explaining PMD rules, covering some Security Guidelines.
Security Code Guidelines
These rules check the security guidelines from Sun, published at http://java.sun.com/security/seccodeguide.html#gcg
MethodReturnsInternalArray
Exposing internal arrays directly allows the caller to modify internal data that could be critical. It is safer to return a copy of the array.
Example
    public class SecureSystem {
        UserData[] ud;
        public UserData[] getUserData() {
            // Don't return the internal array directly; return a copy
            return ud;
        }
    }
ArrayIsStoredDirectly
Constructors and methods receiving arrays should clone them and store the copy. This prevents future changes made by the caller from affecting the internal functionality.
Example
    public class Foo {
        private String[] x;
        public void foo(String[] param) {
            // Don't do this; at least make a copy of the array
            this.x = param;
        }
    }
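The two rules cover the two directions in which an array reference can leak. The following is an added example, not part of the original post or of PMD's documentation, that puts a class violating both rules next to one that copies on the way in and on the way out; the class names and the sample data are hypothetical.

```java
import java.util.Arrays;

// Added example; class names are hypothetical.
public class DefensiveCopyDemo {

    // Flagged by both rules: keeps the caller's array and hands out its own.
    static final class LeakyRoles {
        private String[] roles;
        LeakyRoles(String[] roles) { this.roles = roles; }  // ArrayIsStoredDirectly
        String[] getRoles() { return roles; }               // MethodReturnsInternalArray
    }

    // Copies on the way in and on the way out. clone() is shallow: that is
    // enough for immutable elements such as String, but an array of mutable
    // objects also needs each element copied.
    static final class SafeRoles {
        private final String[] roles;
        SafeRoles(String[] roles) { this.roles = roles.clone(); }
        String[] getRoles() { return roles.clone(); }
    }

    public static void main(String[] args) {
        String[] input = {"reader", "guest"};  // constructed sample data
        LeakyRoles leaky = new LeakyRoles(input);
        SafeRoles safe = new SafeRoles(input);

        // Path 1: the caller edits the array it passed in.
        input[0] = "admin";
        // Path 2: the caller edits the array a getter returned.
        leaky.getRoles()[1] = "admin";
        safe.getRoles()[1] = "admin";

        // Only the leaky object's internal state follows those edits.
        System.out.println("leaky: " + Arrays.toString(leaky.getRoles()));
        System.out.println("safe:  " + Arrays.toString(safe.getRoles()));
    }
}
```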