Comment: Edited by sciSpider Java v3.0

...

Code Block
public void deepCopy(int[] ints, HttpCookie[] cookies) {
  if (ints == null || cookies == null) {
    throw new NullPointerException();
  }

  // Shallow copy is sufficient here: the elements are primitives
  int[] intsCopy = ints.clone();

  // Deep copy: java.net.HttpCookie is mutable, so each element is cloned
  HttpCookie[] cookiesCopy = new HttpCookie[cookies.length];
  for (int i = 0; i < cookies.length; i++) {
    // Manually create copy of each element in array
    cookiesCopy[i] = (HttpCookie) cookies[i].clone();
  }

  doLogic(intsCopy, cookiesCopy);
}

...

Code Block
// java.util.Collection is an interface
public void copyInterfaceInput(Collection<String> collection) {
  // The caller-supplied implementation is passed on without being copied
  doLogic(collection);
}

...

Code Block
public void copyInterfaceInput(Collection<String> collection) {
  // Convert input to trusted implementation
  collection = new ArrayList<String>(collection);
  doLogic(collection);
}
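
Why converting the interface-typed input to a trusted implementation matters, as an added example that is not part of the original guideline. `ShiftingCollection`, `allSafe` and `checkThenUse` are hypothetical names constructed here, with `checkThenUse` standing in for a `doLogic` that validates its input and then reads it again.

```java
import java.util.AbstractCollection;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;

public class CopyInterfaceInputDemo {

  // Constructed for this example: a caller-controlled Collection whose
  // contents differ between the first traversal and later ones.
  static class ShiftingCollection extends AbstractCollection<String> {
    private int passes = 0;
    @Override public Iterator<String> iterator() {
      List<String> view = (passes++ == 0)
          ? Arrays.asList("report.txt")
          : Arrays.asList("../secret.txt");
      return view.iterator();
    }
    @Override public int size() { return 1; }
  }

  // Hypothetical validation: reject any name containing "..".
  static boolean allSafe(Collection<String> names) {
    for (String n : names) {
      if (n.contains("..")) return false;
    }
    return true;
  }

  // Validates, then traverses again; returns the values actually used.
  static List<String> checkThenUse(Collection<String> names) {
    if (!allSafe(names)) throw new IllegalArgumentException("rejected");
    List<String> used = new ArrayList<String>();
    for (String n : names) used.add(n);   // second traversal
    return used;
  }

  public static void main(String[] args) {
    // Without a copy: the check and the use see different contents.
    System.out.println(checkThenUse(new ShiftingCollection()));
    // With a copy: one snapshot is taken, then checked and used consistently.
    Collection<String> trusted = new ArrayList<String>(new ShiftingCollection());
    System.out.println(checkThenUse(trusted));
  }
}
```

The copy only helps when validation runs on the copy itself; validating the original and then copying it reopens the same gap.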

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[SCG 07] Guideline 2-1 Create a copy of mutable inputs and outputs
[Bloch 08] Item 39: Make defensive copies when needed
[Pugh 09] Returning references to internal mutable state

...
