SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 131

changes.mady.by.user Alexandre GIGLEUX

Saved on

compared with

New Version Current

changes.mady.by.user Michal Rozenau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft Jtest 2021.1

...

ToolVersionCheckerDescription
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
SECURITYCERT.EABOBJ05.CPCL, SECURITY
CERT.EABOBJ05.MPT, SECURITY
CERT.EABOBJ05.SMO, OOP.MUCOPImplemented
CERT.OBJ05.MUCOP		Enforce returning a defensive copy in 'clone()' methods
Do not pass user-given mutable objects directly to certain types
Do not store user-given mutable objects directly into variables
Provide mutable classes with copy functionality
SonarQube
Include Page
SonarQube_V
SonarQube_V
S2384

Mutable members should not be stored or returned directly

Implemented for arraysArrays, collections Collections and Dates.

Related Vulnerabilities

Pugh [Pugh 2009] cites a vulnerability discovered by the Findbugs static analysis tool in the early betas of JDK 1.7 in which the sun.security.x509.InvalidityDateExtension class returned a Date instance through a public accessor without creating defensive copies.

...