Mutable classes allow code external to the class to alter their instance or class fields. Provide a means of copying instances of mutable classes so that 'disposable' copies can be passed to untrusted code. This functionality is also useful when methods in other classes need to create copies of a particular class instance; see rules "FIO00-J. Defensively copy mutable inputs and mutable internal components" and "OBJ09-J. Defensively copy private mutable class members before returning their references" for additional details.
...
When untrusted code can call accessor methods passing mutable arguments, create defensive copies of the arguments before they are stored in any instance fields. See rule "FIO00-J. Defensively copy mutable inputs and mutable internal components" for additional information. When retrieving internal mutable state, make a defensive copy of that state before returning it to untrusted code. See rule "OBJ09-J. Defensively copy private mutable class members before returning their references" for additional information.
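The following added example (not part of the original guideline) shows both directions at once: a mutable class that offers a copy constructor, and a holder class that copies on the way in and on the way out. The class names `MutableWindow`, `Schedule`, and `DefensiveCopyDemo` are hypothetical.

```java
import java.util.Date;

// Hypothetical mutable class that offers copy functionality via a copy constructor.
// It is final so that a copy is always exactly this type, never a subclass.
final class MutableWindow {
    private Date start;            // java.util.Date is itself mutable
    private int lengthMinutes;

    MutableWindow(Date start, int lengthMinutes) {
        this.start = new Date(start.getTime());   // copy the mutable input
        this.lengthMinutes = lengthMinutes;
    }

    // Copy constructor: lets any caller create a disposable instance.
    MutableWindow(MutableWindow other) {
        this(other.start, other.lengthMinutes);
    }

    Date getStart() { return new Date(start.getTime()); }  // copy on return
    void setStart(Date start) { this.start = new Date(start.getTime()); }
    int getLengthMinutes() { return lengthMinutes; }
    void setLengthMinutes(int m) { this.lengthMinutes = m; }
}

// Hypothetical trusted class that keeps a MutableWindow as private state.
final class Schedule {
    private MutableWindow window;

    void setWindow(MutableWindow w) {
        MutableWindow copy = new MutableWindow(w);  // copy first, then validate the copy
        if (copy.getLengthMinutes() <= 0) {
            throw new IllegalArgumentException("length must be positive");
        }
        this.window = copy;                         // the caller's reference is never stored
    }

    MutableWindow getWindow() { return new MutableWindow(window); }  // hand out a copy
}

public class DefensiveCopyDemo {
    public static void main(String[] args) {
        Schedule s = new Schedule();
        MutableWindow w = new MutableWindow(new Date(0L), 30);
        s.setWindow(w);
        w.setLengthMinutes(-1);              // caller changes its own instance after the call
        s.getWindow().setLengthMinutes(-5);  // caller changes the copy it was handed
        System.out.println(s.getWindow().getLengthMinutes());  // internal state is unaffected
    }
}
```

Validating the copy rather than the original argument means a caller cannot change the value between the check and the assignment.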
...
| [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE-374 | http://cwe.mitre.org/data/definitions/374.html] "Passing Mutable Objects to an Untrusted Method" and [CWE-375 | http://cwe.mitre.org/data/definitions/375.html] "Returning a Mutable Object to an Untrusted Caller" |
...
| [[API 2006 | AA. Bibliography#API 06]] | [method clone() | http://java.sun.com/javase/6/docs/api/java/lang/Object.html#clone()] |
| [[Bloch 2008 | AA. Bibliography#Bloch 08]] | Item 39: Make defensive copies when needed and Item 11: Override clone judiciously |
| [[SCG 2007 | AA. Bibliography#SCG 07]] | Guideline 2-2 Support copy functionality for a mutable class |
| [[SCG 2009 | AA. Bibliography#SCG 09]] | Guideline 2-3 Support copy functionality for a mutable class |
| [[Security 2006 | AA. Bibliography#Security 06]] | |
...