...
Additionally, returning references to an an object's internal mutable components provides an attacker with the opportunity to corrupt the state of the object. Accessor methods must consequently return defensive copies of internal mutable objects; see rule OBJ09OBJ05-J. Defensively copy private mutable class members before returning their references for additional information.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="cf74e8d50b0fdc6b-84eab93c-43714bda-83458864-6bec5bed67ffd432dbaaafd3"><ac:plain-text-body><![CDATA[ | [[Bloch 2008 | AA. Bibliography#Bloch 08]] | Item 39: Make defensive copies when needed | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="5cb5ffeef03a5e77-66348c84-469a46be-9941bb86-a8faffd022663c1252522ada"><ac:plain-text-body><![CDATA[ | [[Pugh 2009 | AA. Bibliography#Pugh 09]] | Returning references to internal mutable state | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="6e5a3cf7a9f821a7-7cc436c6-410d4ed5-ae26b921-8d939be28ba365befa57154c"><ac:plain-text-body><![CDATA[ | [[SCG 2007 | AA. Bibliography#SCG 07]] | Guideline 2-1 Create a copy of mutable inputs and outputs | ]]></ac:plain-text-body></ac:structured-macro> |
...