...
Note that the performance cost of violating this guideline (or of using copy functionality such as clone()) might be significantly higher than that of using an accessor method that returns a copy of a single mutable member. This is because a well-designed copy method returns a copy of the complete object (including all mutable components), as opposed to a copy of a single member, which makes it relatively slower.
Pugh \[[Pugh 09|AA. Java References#Pugh 09]\] cites a vulnerability discovered by the FindBugs static analysis tool in the early betas of JDK 1.7. The class {{sun.security.x509.InvalidityDateExtension}} returned a {{Date}} instance through a {{public}} accessor, without creating defensive copies.
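The pattern behind that finding, shown as an added example that is not code from the JDK or from the original guideline: {{RevocationEntry}} and its method names are hypothetical, and the timestamp is a constructed sample value. The first accessor leaks the internal {{Date}}, the second returns a defensive copy.

```java
import java.util.Date;

// Hypothetical class for illustration; not the JDK's InvalidityDateExtension.
final class RevocationEntry {
    private final Date invalidityDate;

    RevocationEntry(Date invalidityDate) {
        // Copy the mutable input so the caller's reference cannot alias
        // internal state. new Date(getTime()) is used instead of clone()
        // because Date is non-final and a subclass may override clone().
        this.invalidityDate = new Date(invalidityDate.getTime());
    }

    // Noncompliant: hands out the internal Date, so any caller can mutate it.
    public Date getInvalidityDateUnsafe() {
        return invalidityDate;
    }

    // Compliant: returns a defensive copy; changes to it never reach the field.
    public Date getInvalidityDate() {
        return new Date(invalidityDate.getTime());
    }
}

public class DefensiveCopyDemo {
    public static void main(String[] args) {
        long original = 1_250_000_000_000L; // constructed sample timestamp
        RevocationEntry entry = new RevocationEntry(new Date(original));

        // Mutating the returned copy leaves the object's state intact.
        entry.getInvalidityDate().setTime(0L);
        System.out.println("state intact after mutating copy: "
                + (entry.getInvalidityDate().getTime() == original));

        // Mutating the leaked reference silently changes the object's state.
        entry.getInvalidityDateUnsafe().setTime(0L);
        System.out.println("state intact after mutating leaked reference: "
                + (entry.getInvalidityDate().getTime() == original));
    }
}
```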
...
*EX1:* According to Sun's Secure Coding Guidelines document \[[SCG 07|AA. Java References#SCG 07]\]:
...
References
\[[API 06|AA. Java References#API 06]\] [method clone()|http://java.sun.com/javase/6/docs/api/java/lang/Object.html#clone()]
\[[Security 06|AA. Java References#Security 06]\]
\[[Bloch 08|AA. Java References#Bloch 08]\] Item 39: Make defensive copies when needed
\[[SCG 07|AA. Java References#SCG 07]\] Guideline 2-1 Create a copy of mutable inputs and outputs
\[[Haggar 00|AA. Java References#Haggar 00]\] [Practical Java Praxis 64: Use clone for Immutable Objects When Passing or Receiving Object References to Mutable Objects|http://www.informit.com/articles/article.aspx?p=20530]
\[[Goetz 06|AA. Java References#Goetz 06]\] 3.2. Publication and Escape: Allowing Internal Mutable State to Escape
\[[Gong 03|AA. Java References#Gong 03]\] 9.4 Private Object State and Object Immutability
\[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 375|http://cwe.mitre.org/data/definitions/375.html] "Passing Mutable Objects to an Untrusted Method"
...