Comment: xref OBJ58-JG

Making defensive copies of mutable method parameters mitigates a variety of security vulnerabilities; see OBJ06-J. Defensively copy mutable inputs and mutable internal components for additional information. However, inappropriate use of the clone() method can allow an attacker to exploit vulnerabilities by providing arguments that pass initial validation but subsequently return unexpected values. Such objects may consequently bypass validation and security checks. Never use the clone() method to make defensive copies of objects that are instances of classes that are both nonfinal and provide a clone() method. Consequently, never use the clone() method for defensive copying of untrusted method parameters.

This guideline is a specific instance of OBJ58-JG. Do not rely on overridden methods provided by untrusted code.
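The following is an added example, not code from the CERT page: a hypothetical `Window` class that receives two `java.util.Date` parameters from an untrusted caller. `Date` is nonfinal and overrides `clone()`, so the compliant copy uses the `Date(long)` constructor instead and validates the copies rather than the originals.

```java
import java.util.Date;

// Added example (hypothetical class, not from the CERT page): stores a
// time window whose bounds are supplied by an untrusted caller.
public final class Window {
    private final Date start;
    private final Date end;

    // Noncompliant pattern, shown only as the 'before': Date is nonfinal and
    // overrides clone(), so a caller-supplied subclass decides what clone()
    // returns and what getTime() reports after validation has run.
    static Date copyWithClone(Date d) {
        return (Date) d.clone();
    }

    // Compliant: new Date(long) always yields a genuine java.util.Date,
    // whatever runtime subclass the caller actually passed in.
    static Date copyWithConstructor(Date d) {
        return new Date(d.getTime());
    }

    public Window(Date start, Date end) {
        // Copy first, then validate the copies, so the values that were
        // checked are exactly the values that get stored.
        Date s = copyWithConstructor(start);
        Date e = copyWithConstructor(end);
        if (!s.before(e)) {
            throw new IllegalArgumentException("start must precede end");
        }
        this.start = s;
        this.end = e;
    }

    // Accessors hand out fresh copies as well (OBJ06-J), never the fields.
    public Date getStart() { return new Date(start.getTime()); }
    public Date getEnd()   { return new Date(end.getTime()); }

    public static void main(String[] args) {
        Date now = new Date();
        Date later = new Date(now.getTime() + 60_000L);
        Window w = new Window(now, later);
        // Mutating the caller's own objects after construction has no effect
        // on the window, because only the copies were retained.
        later.setTime(0L);
        System.out.println("window still ordered: " + w.getStart().before(w.getEnd()));
    }
}
```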

Noncompliant Code Example

...