...
```java
import java.util.ArrayList;
import java.util.Collection;

// java.util.ArrayList is mutable and non-final
public void copyNonFinalInput(ArrayList list) {
  // create new instance of declared input type
  list = new ArrayList(list);
  doLogic(list);
}

// java.util.Collection is an interface
public void copyInterfaceInput(Collection collection) {
  // convert input to trusted implementation
  collection = new ArrayList(collection);
  doLogic(collection);
}
```
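The following program is an added example (not code from the CERT page) that shows why the copy in the compliant solution matters. A callee validates a caller-supplied collection and then uses it; because the caller still holds a reference, it can change the contents between the check and the use, and the validation is bypassed. The class name `DefensiveCopyDemo`, the methods `sum` and `race`, and the use of two `CountDownLatch` objects to force the interleaving are all assumptions made for the demonstration; the sample amounts are constructed.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.concurrent.CountDownLatch;

// Added example, not part of the CERT page. Demonstrates the TOCTOU window
// that exists when a mutable input is validated and used without copying.
public class DefensiveCopyDemo {

    // Validates the amounts, waits (standing in for other work), then totals them.
    // With copyFirst == false the check and the use operate on the caller's object;
    // with copyFirst == true they operate on a private copy.
    static int sum(Collection<Integer> amounts, boolean copyFirst,
                   CountDownLatch validated, CountDownLatch mayProceed)
            throws InterruptedException {
        Collection<Integer> data = copyFirst ? new ArrayList<>(amounts) : amounts;
        checkNonNegative(data);     // time of check
        validated.countDown();      // tell the caller the check is done
        mayProceed.await();         // window between check and use
        return total(data);         // time of use
    }

    private static void checkNonNegative(Collection<Integer> c) {
        for (Integer i : c) {
            if (i == null || i < 0) {
                throw new IllegalArgumentException("negative amount: " + i);
            }
        }
    }

    private static int total(Collection<Integer> c) {
        int t = 0;
        for (int i : c) t += i;
        return t;
    }

    // Runs the callee on its own thread and mutates the shared list after the
    // check has completed. The latches make the interleaving deterministic so
    // the example is repeatable; a real race would simply be timing-dependent.
    static int race(boolean copyFirst) throws InterruptedException {
        List<Integer> shared = new ArrayList<>(List.of(10, 20, 30)); // constructed input
        CountDownLatch validated = new CountDownLatch(1);
        CountDownLatch mayProceed = new CountDownLatch(1);
        int[] result = new int[1];

        Thread callee = new Thread(() -> {
            try {
                result[0] = sum(shared, copyFirst, validated, mayProceed);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        });
        callee.start();

        validated.await();        // callee has finished its check
        shared.add(-1000);        // caller mutates the input after the check
        mayProceed.countDown();   // let the callee proceed to use the data
        callee.join();
        return result[0];
    }

    public static void main(String[] args) throws InterruptedException {
        // Without a copy the negative amount slips past validation: prints -940.
        System.out.println("no copy:   " + race(false));
        // With the copy the mutation never reaches the validated data: prints 60.
        System.out.println("with copy: " + race(true));
    }
}
```

The copy in `sum` is the same operation as `new ArrayList(list)` in the compliant solution above; once the callee checks and uses its own private instance, nothing the caller does to the original object can affect the result.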
Risk Assessment
Failing to create a copy of a mutable input may enable an attacker to exploit a time-of-check, time-of-use (TOCTOU) vulnerability.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO31-J | ?? medium ?? | probable | ?? high | P?? | L?? |
Automated Detection
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.