Page History

...

Sound automated detection is infeasible; heuristic checks could be useful.

Related Vulnerabilities

Wiki MarkupPugh \ [[Pugh 2009|AA. References#Pugh 09]\] cites a vulnerability discovered by the Findbugs static analysis tool in the early betas of JDK 1.7 where the {{sun.security.x509.InvalidityDateExtension}} class returned a {{Date}} instance through a {{public}} accessor without creating defensive copies.

Related Guidelines

CERT C++ Secure Coding Standard	OOP35-CPP. Do not return references to private data.
MITRE CWE	CWE-375. Returning a mutable object to an untrusted caller

Bibliography

...

[[API 2006AA. References#API 06] ]
[Method `clone()`
http://java.sun.com/javase/6/docs/api/java/lang/Object.html#clone()]
]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="86a60f4e-0fba-4daf-b8ce-d2df7de985ce"><ac:plain-text-body><![CDATA[
[ [Bloch 2008AA. References#Bloch 08] ]
Item 39. Make defensive copies when needed
]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="44c7dbac-de34-41bf-83f2-720dde4e3d80"><ac:plain-text-body><![CDATA[
[[Goetz 2006AA. References#Goetz 06]]
3.2, Publication and Escape: Allowing Internal Mutable State to Escape
]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1f9b0707-670e-4dde-b65c-e170257a763e"><ac:plain-text-body><![CDATA[
[ [Gong 2003AA. References#Gong 03] ]
9.4, Private Object State and Object Immutability ]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b9a41a82-cab2-40f9-97fc-0649e032c673"><ac:plain-text-body><![CDATA [ [[Haggar 2000AA. References#Haggar 00]]
[Practical Java Praxis 64. Use clone for immutable objects when passing or receiving object references to mutable objectshttp://www.informit.com/articles/article.aspx?p=20530]
]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4f5a4e82-25f7-42f8-b1f1-c9de0155a338"><ac:plain-text-body><![CDATA[
[[Security 2006AA. References#Security 06]]
]]></ac:plain-text-body></ac:structured-macro>
...
04. Object Orientation (OBJ)

Space shortcuts

Page tree

Versions Compared

Old Version 99

New Version 100

Key

Related Vulnerabilities

Related Guidelines

Bibliography

[[API 2006AA. References#API 06] ]	[Method `clone()`	http://java.sun.com/javase/6/docs/api/java/lang/Object.html#clone()]
]]></ac:plain-text-body></ac:structured-macro>	<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="86a60f4e-0fba-4daf-b8ce-d2df7de985ce"><ac:plain-text-body><![CDATA[	[ [Bloch 2008AA. References#Bloch 08] ]	Item 39. Make defensive copies when needed	]]></ac:plain-text-body></ac:structured-macro>	<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="44c7dbac-de34-41bf-83f2-720dde4e3d80"><ac:plain-text-body><![CDATA[
[[Goetz 2006AA. References#Goetz 06]]	3.2, Publication and Escape: Allowing Internal Mutable State to Escape	]]></ac:plain-text-body></ac:structured-macro>	<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1f9b0707-670e-4dde-b65c-e170257a763e"><ac:plain-text-body><![CDATA[
[ [Gong 2003AA. References#Gong 03] ]	9.4, Private Object State and Object Immutability ]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b9a41a82-cab2-40f9-97fc-0649e032c673"><ac:plain-text-body><![CDATA [ [[Haggar 2000AA. References#Haggar 00]]	[Practical Java Praxis 64. Use clone for immutable objects when passing or receiving object references to mutable objectshttp://www.informit.com/articles/article.aspx?p=20530]	]]></ac:plain-text-body></ac:structured-macro>	<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4f5a4e82-25f7-42f8-b1f1-c9de0155a338"><ac:plain-text-body><![CDATA[
[[Security 2006AA. References#Security 06]]	]]></ac:plain-text-body></ac:structured-macro>