...
An untrusted invoker may call the mutator method setArray() and violate the object's immutability property. Invoking the getter method getArray() also allows modification of the private internal state of the class. This class also violates OBJ05-J. Defensively copy Do not return references to private mutable class members before returning their references.
Noncompliant Code Example
...
In this class, invoking the getter method getArray() does not allow modification of the private internal state of the class, in accordance with OBJ05-J. Defensively copy Do not return references to private mutable class members before returning their references. However, an untrusted invoker may call the method setArray() and modify the Mutable object.
...
Failure to provide an unmodifiable, safe view of a sensitive mutable object to untrusted code can lead to malicious tampering and corruption of the object.
Automated Detection
| Tool | Version | Checker | Description |
|---|
Bibliography
...
...