If security checks are based on untrusted sources, it becomes possible to bypass them. Defensively copy the untrusted object or parameter before the security check is carried out. For this purpose, create deep copies rather than using the clone() method to create shallow copies (see MET08-J. Do not use the clone method to copy untrusted method parameters). Also see the related guideline FIO00-J. Defensively copy mutable inputs and mutable internal components.
...
Security checks should not be based on untrusted sources. This compliant solution ensures that the java.io.File object cannot be an untrusted instance supplied by the caller. This is achieved by declaring the java.io.File reference as final and ensuring that a new java.io.File object is created in the openFile() method before the check is performed. Note that using the clone() method instead would copy the attacker's class, which is not desirable (refer to MET08-J. Do not use the clone method to copy untrusted method parameters).
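The following is an added example, not code from the guideline page, showing the check-then-use pattern without and with the defensive copy described above. The class and method names (FileOpener, ALLOWED_DIR, isAllowed, openFileNoncompliant, openFileCompliant) and the FlipFlopFile test double are assumptions made for illustration.

```java
import java.io.File;

// Added example (not from the original guideline): defensive copy of a
// java.io.File parameter before a security check. All names are illustrative.
public final class FileOpener {
    private static final String ALLOWED_DIR = "/srv/app/data";

    // Security check: only paths under ALLOWED_DIR may be opened.
    private static boolean isAllowed(String path) {
        return path.startsWith(ALLOWED_DIR + "/") && !path.contains("..");
    }

    // Noncompliant: check and use both call methods on the caller's object.
    // If the caller passed a File subclass, getPath() may answer differently
    // at check time and at use time.
    static String openFileNoncompliant(File f) {
        if (!isAllowed(f.getPath())) {           // check
            throw new SecurityException("denied");
        }
        return f.getPath();                      // use (stands in for opening the file)
    }

    // Compliant: build a fresh java.io.File from the string path first, so the
    // check and the use both see the same object that the caller cannot alter.
    // clone() would be wrong here: it would reproduce the caller's subclass.
    static String openFileCompliant(final File f) {
        final File copy = new File(f.getPath()); // deep copy before the check
        if (!isAllowed(copy.getPath())) {
            throw new SecurityException("denied");
        }
        return copy.getPath();
    }

    // Test double (constructed for this example): a File subclass whose
    // getPath() changes between calls, modelling an untrusted parameter that
    // passes the check and then reports a different path when used.
    static final class FlipFlopFile extends File {
        private int calls = 0;
        FlipFlopFile() { super(ALLOWED_DIR + "/report.txt"); }
        @Override public String getPath() {
            return (calls++ == 0) ? ALLOWED_DIR + "/report.txt" : "/tmp/outside.txt";
        }
    }

    public static void main(String[] args) {
        System.out.println(openFileNoncompliant(new FlipFlopFile())); // /tmp/outside.txt
        System.out.println(openFileCompliant(new FlipFlopFile()));    // /srv/app/data/report.txt
    }
}
```

The noncompliant method passes the check yet returns a path outside ALLOWED_DIR, while the compliant method only ever checks and uses the copied, immutable path.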
...