
Every serializable class that has private mutable instance variables must defensively copy them in the readObject() method. An attacker can tamper with the serialized form of such a class, appending extra references to the byte stream. When deserialized, this byte stream could allow the creation of a class instance whose internal variable references are controlled by the attacker. Consequently, the container class instance can mutate and violate its class invariants.

This rule is an instance of rule OBJ06-J. Defensively copy mutable inputs and mutable internal components. That rule applies to constructors and to other methods that accept untrusted mutable arguments, whereas this rule applies the same principle to deserialized mutable fields.

...

There is no need to copy immutable subobjects. Also, avoid using the subobject's clone() method because it can be overridden when the subobject's class is nonfinal and produces only a shallow copy. The subobjects (date) themselves must be nonfinal so that defensive copying can occur. It is also inadvisable to use the writeUnshared() and readUnshared() methods as an alternative [Bloch 2008].
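The following class is an added illustration of the rule, not code from the original page: it holds a private mutable Date subobject (assumed to be the only mutable component), keeps the field nonfinal so readObject() can replace it, and copies the Date with new Date(long) rather than clone() before validating the class invariant. The roundTrip() helper is also an added convenience for exercising the class.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Date;

// Serializable container with one private mutable subobject (a Date).
// The field is deliberately nonfinal: readObject() must be able to reassign it.
public final class DefensiveCopyDemo implements Serializable {
    private static final long serialVersionUID = 1L;
    private Date date; // assumption: the only mutable component of this class

    public DefensiveCopyDemo(Date date) {
        this.date = new Date(date.getTime()); // copy on construction (OBJ06-J)
    }

    public Date getDate() {
        return new Date(date.getTime()); // never hand out the internal reference
    }

    // Defensive copy during deserialization: once the default fields are read,
    // replace the Date that came off the stream with a fresh instance so no
    // other object in the same stream can keep a reference to our state.
    // Copy first, then validate the invariant on the private copy.
    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        if (date == null) {
            throw new InvalidObjectException("date must not be null");
        }
        date = new Date(date.getTime());
    }

    // Serializes obj and deserializes the bytes, returning the rebuilt instance.
    static DefensiveCopyDemo roundTrip(DefensiveCopyDemo obj) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(obj);
        }
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) {
            return (DefensiveCopyDemo) ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Date original = new Date(1_000_000L);
        DefensiveCopyDemo copy = roundTrip(new DefensiveCopyDemo(original));
        original.setTime(0L); // mutating the caller's Date must not affect the instance
        System.out.println(copy.getDate().getTime()); // prints 1000000
    }
}
```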

...

Related Guidelines

MITRE CWE

CWE-502, Deserialization of Untrusted Data

Bibliography

[API 2006]

[Bloch 2008] Item 76, "Write readObject Methods Defensively"

[Sun 2006] Serialization Specification, A.6, "Guarding Unshared Deserialized Objects"

...