...
Tool | Version | Checker | Description
---|---|---|---
CodeSonar | 4.2 | FB.MALICIOUS_CODE.EI_EXPOSE_REP | May expose internal representation by returning reference to mutable object
CodeSonar | 4.2 | FB.MALICIOUS_CODE.EI_EXPOSE_REP2 | May expose internal representation by incorporating reference to mutable object
Coverity | 7.5 | FB.EI_EXPOSE_REP2 | Implemented
Parasoft Jtest | | SECURITYCERT.WSCOBJ04.CLONE | Make your 'clone()' method "final" for security
Parasoft Jtest | | SECURITYCERT.EABOBJ04.CPCL | Enforce returning a defensive copy in 'clone()' methods
Parasoft Jtest | | SECURITYCERT.EABOBJ04.MPT | Do not pass user-given mutable objects directly to certain types
Parasoft Jtest | | SECURITYCERT.EABOBJ04.SMO | Do not store user-given mutable objects directly into variables
Parasoft Jtest | | OOPCERT.OBJ04.MUCOP | Provide mutable classes with copy functionality
...