...
```java
import java.util.Date;

class MutableClass {
  private Date d;

  public MutableClass() {
    d = new Date();
  }

  // Returns a reference to the internal mutable Date; no defensive copy is made
  protected Date getDate() {
    return d;
  }
}
```
Pugh [Pugh 09] cites a vulnerability discovered by the FindBugs static analysis tool in the early betas of JDK 1.7. The class `sun.security.x509.InvalidityDateExtension` returned a `Date` instance through a `public` accessor, without creating defensive copies.
Compliant Solution
Do not carry out defensive copying using the `clone()` method in constructors where the (non-system) class can be subclassed by untrusted code. This limits malicious code from returning a crafted object when the object's `clone()` method is invoked.
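
The difference this guidance describes, as an added example that is not part of the original page: a copy made with `clone()` in a constructor can stay aliased to the caller's object, while a copy built from the primitive value cannot. `SharedDate`, `PeriodWithClone` and `PeriodWithCopy` are hypothetical names, and `Date` stands in for any mutable, non-final class.

```java
import java.util.Date;

// Constructed example: Date is mutable and non-final, so its clone() is overridable.
public class DefensiveCopyDemo {

    // Hypothetical subclass standing in for a type supplied by untrusted code:
    // its clone() returns itself, so the "copy" is still shared with the caller.
    static class SharedDate extends Date {
        SharedDate(long t) { super(t); }
        @Override public Object clone() { return this; }
    }

    // Weak: the constructor trusts the argument's own clone() implementation.
    static final class PeriodWithClone {
        private final Date start;
        PeriodWithClone(Date start) { this.start = (Date) start.clone(); }
        Date getStart() { return new Date(start.getTime()); }
    }

    // Hardened: builds a genuine java.util.Date from the primitive value, both
    // on the way in (constructor) and on the way out (accessor).
    static final class PeriodWithCopy {
        private final Date start;
        PeriodWithCopy(Date start) { this.start = new Date(start.getTime()); }
        Date getStart() { return new Date(start.getTime()); }
    }

    public static void main(String[] args) {
        Date input = new SharedDate(0L);
        PeriodWithClone weak = new PeriodWithClone(input);
        PeriodWithCopy strong = new PeriodWithCopy(input);

        // The caller mutates its own object after both periods were constructed.
        input.setTime(86_400_000L);

        // The clone()-based field follows the caller's change; the copied one does not.
        System.out.println("clone() in constructor: " + weak.getStart().getTime());
        System.out.println("copy constructor:       " + strong.getStart().getTime());
    }
}
```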
...
[SCG 07] Guideline 2-1 Create a copy of mutable inputs and outputs
[Bloch 08] Item 39: Make defensive copies when needed
[Pugh 09] Returning references to internal mutable state
...