 
                            ...
In this noncompliant code example, MutableClass uses a mutable field date of type Date. Class Date is also a mutable class. The example fails to comply because MutableClass objects lack copy functionality.
```java
import java.util.Date;

public final class MutableClass {
  private Date date;

  public MutableClass(Date d) {
    this.date = d;
  }

  public void setDate(Date d) {
    this.date = d;
  }

  public Date getDate() {
    return date;
  }
}
```
When a trusted caller passes an instance of MutableClass to untrusted code, and the untrusted code modifies that instance (perhaps by incrementing the month or changing the timezone), the state of the object may consequently become inconsistent with its previous state. Similar problems can arise in the presence of multiple threads, even in the absence of untrusted code.
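The following is an added example, not the CERT page's own compliant solution: a copyable variant of the class above (named CopyableMutableClass here) that defensively copies every Date crossing its boundary and offers a copy constructor, so a trusted caller can hand a snapshot to code it does not control and keep the original's state intact. The untrustedCode method is a hypothetical stand-in for such code.

```java
import java.util.Date;

// Added example (not from the CERT page): a copyable variant of MutableClass.
// Every Date that enters or leaves the object is copied, and a copy constructor
// lets callers hand out a snapshot instead of the original instance.
public final class CopyableMutableClass {
  private Date date;

  public CopyableMutableClass(Date d) {
    this.date = new Date(d.getTime());   // defensive copy on the way in
  }

  // Copy constructor: the new object shares no mutable state with the source.
  public CopyableMutableClass(CopyableMutableClass src) {
    this(src.date);
  }

  public void setDate(Date d) {
    this.date = new Date(d.getTime());   // never retain the caller's reference
  }

  public Date getDate() {
    return new Date(date.getTime());     // defensive copy on the way out
  }

  // Returns true when the original's state survived the untrusted call.
  public static boolean originalSurvives() {
    Date d = new Date(0L);               // constructed sample value: the epoch
    CopyableMutableClass original = new CopyableMutableClass(d);

    // Hand a copy, not the original, to code we do not control.
    CopyableMutableClass handedOut = new CopyableMutableClass(original);
    untrustedCode(handedOut);

    // The caller's Date and the original object are both untouched.
    return original.getDate().getTime() == 0L && d.getTime() == 0L;
  }

  // Hypothetical stand-in for untrusted code: it mutates whatever it receives.
  private static void untrustedCode(CopyableMutableClass m) {
    m.setDate(new Date(86_400_000L));    // one day after the epoch
    m.getDate().setTime(5L);             // no effect: getDate() returned a copy
  }

  public static void main(String[] args) {
    System.out.println("original state preserved: " + originalSurvives());
  }
}
```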
...
| Guideline | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| OBJ10-J | low | likely | medium | P6 | L2 | 
Automated Detection
Sound automated detection appears to be infeasible in the general case. Heuristic approaches may be useful.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
...