Comment: Parasoft Jtest 2022.2

...

Even though SomeType is immutable, this declaration allows the SOMETHINGS array to be modified by untrusted clients of the code. Any element of the array can be assigned a new SomeType object, which would effectively assign a new value to that array element, namely a reference to a new SomeType object.

This noncompliant code example also violates OBJ01-J. Limit accessibility of fields.

...

This noncompliant code example complies with OBJ01-J. Limit accessibility of fields by declaring the array private. But because its public getter returns the private array itself, this code example violates OBJ05-J. Do not return references to private mutable class members.

Suppose that SomeType is immutable.

...

Even though SomeType is immutable, the public getter method enables untrusted clients to modify the SOMETHINGS array. Any element of the array can be assigned a new SomeType object, which would effectively assign a new value to that array element, namely a reference to a new SomeType object.

Compliant Solution (clone)

...

Now, the original array cannot be modified by any client. If SomeType were mutable, this approach would not be effective because the array clone references the same SomeType objects as the SOMETHINGS array. If the client modified the SomeType objects referenced by the clone directly, the SomeType objects referenced by the SOMETHINGS array would also change.
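The three cases above (a public final array, a private array leaked through a getter, and a getter that returns a clone), together with the shallow-clone caveat, in one runnable class. This is an added example, not the code from the CERT page: SomeType is assumed to be a small immutable value class, and MutableType is a hypothetical mutable element type introduced only to show why cloning the array is not enough when the elements themselves can change.

```java
import java.util.Arrays;

// Added example, not the CERT OBJ13-J page's own code. SomeType is assumed to be
// an immutable value class; MutableType is a hypothetical mutable counterpart
// used only to demonstrate the shallow-clone caveat.
public final class ExposedArrays {

    /** Assumed immutable element type: final class, final field, no setters. */
    public static final class SomeType {
        private final int value;
        public SomeType(int value) { this.value = value; }
        public int value() { return value; }
        @Override public String toString() { return "SomeType(" + value + ")"; }
    }

    /** Hypothetical mutable element type, used to show that clone() is shallow. */
    public static final class MutableType {
        private int value;
        public MutableType(int value) { this.value = value; }
        public int value() { return value; }
        public void setValue(int value) { this.value = value; }
    }

    // Noncompliant: 'final' fixes the reference to the array, not its elements,
    // so any caller can overwrite an element with a new SomeType.
    public static final SomeType[] PUBLIC_SOMETHINGS = { new SomeType(1), new SomeType(2) };

    // Noncompliant: the array is private, but the getter hands out the live array.
    private static final SomeType[] LEAKED_SOMETHINGS = { new SomeType(1), new SomeType(2) };
    public static SomeType[] getLeakedSomethings() { return LEAKED_SOMETHINGS; }

    // Compliant: the array is private and the getter returns a copy.
    private static final SomeType[] SOMETHINGS = { new SomeType(1), new SomeType(2) };
    public static SomeType[] getSomethings() { return SOMETHINGS.clone(); }

    // Caveat: clone() copies the array, not the objects it references.
    private static final MutableType[] MUTABLES = { new MutableType(1) };
    public static MutableType[] getMutablesShallow() { return MUTABLES.clone(); }

    public static void main(String[] args) {
        // An untrusted caller replaces an element of the public final array.
        PUBLIC_SOMETHINGS[0] = new SomeType(99);
        System.out.println("public final array: " + Arrays.toString(PUBLIC_SOMETHINGS));

        // The same modification succeeds through a getter that returns the array itself.
        getLeakedSomethings()[0] = new SomeType(99);
        System.out.println("leaked via getter:  " + Arrays.toString(LEAKED_SOMETHINGS));

        // With a clone, the caller only modifies its own copy; the original is unchanged.
        SomeType[] copy = getSomethings();
        copy[0] = new SomeType(99);
        System.out.println("clone returned:     " + Arrays.toString(SOMETHINGS));

        // Shallow clone: the cloned array still references the same mutable objects,
        // so mutating an element through the clone changes the original's element too.
        getMutablesShallow()[0].setValue(99);
        System.out.println("mutable element:    " + MUTABLES[0].value());
    }
}
```

Running the class shows the first two arrays carrying the caller's SomeType(99), SOMETHINGS still holding SomeType(1), and the MutableType element reading 99 despite the clone. When the element type is mutable, a defensive copy has to copy the elements as well (or return an unmodifiable view over immutable snapshots), not just the array.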

...

| Tool | Version | Checker | Description |
|---|---|---|---|
| Parasoft Jtest | Parasoft_V | CERT.OBJ13.RMO | Avoid referencing mutable fields |
| SonarQube | SonarQube_V | S2386 | Mutable fields should not be "public static" |
| SonarQube | SonarQube_V | S2384 | Mutable members should not be stored or returned directly |
| SpotBugs | SpotBugs_V | MS_EXPOSE_REP, EI_EXPOSE_REP, EI_EXPOSE_STATIC_REP2 | Implemented (since 4.3.0) |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

...