Monday, June 25, 2012

Security - Array is stored directly

Sonar Violation: Security - Array is stored directly
Means: Constructors and methods that receive an array should copy it and store the copy. Storing the caller's array directly leaves the caller holding a reference to the object's internal state, so any later write to that array by the caller (or by anyone else who still holds it) silently changes the object's behaviour after the call has returned.

public void setMyArray(String[] myArray) {
  // Violation: this.myArray now aliases the caller's array
  this.myArray = myArray;
}

Solution:

import java.util.Arrays;

public void setMyArray(String[] newMyArray) {
  if (newMyArray == null) {
    // Normalise null to an empty array so later reads never throw NullPointerException
    this.myArray = new String[0];
  } else {
    // Store a copy: writes the caller makes to newMyArray afterwards do not reach this.myArray
    this.myArray = Arrays.copyOf(newMyArray, newMyArray.length);
  }
}

1 comment:

  1. This is a good post. I believe this case is working well because of String (which of course is an immutable class).
    If you are using own created objects, then a better solution will be a deep copy of the objects.

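The following is an added example, not code from the original post or its comment. It puts the flagged setter and the fixed one side by side in a small access-control class so the effect of the aliasing is visible at runtime, adds the matching copy on the getter (the companion Sonar violation, "Security - Method returns internal array"), and picks up the comment's point about deep copies with a mutable element type. Class, field and method names (ArrayStoredDirectlyDemo, UnsafeAcl, SafeAcl, Credential) are invented for illustration.

```java
import java.util.Arrays;

/*
 * Added example (not from the original post). All names are invented.
 * Contrasts a setter that stores the caller's array directly with one that
 * stores a copy, and shows why a shallow copy suffices for String elements
 * but not for mutable elements.
 */
public class ArrayStoredDirectlyDemo {

    /** A mutable element type, used to show where a shallow array copy falls short. */
    static final class Credential {
        private String user;

        Credential(String user) { this.user = user; }

        /** Copy constructor used for the deep copy below. */
        Credential(Credential other) { this(other.user); }

        String getUser() { return user; }

        void setUser(String user) { this.user = user; }
    }

    /** Before: what Sonar flags. The field aliases the caller's array. */
    static final class UnsafeAcl {
        private String[] allowedRoles = new String[0];

        void setAllowedRoles(String[] roles) {
            this.allowedRoles = roles;
        }

        boolean isAllowed(String role) {
            return Arrays.asList(allowedRoles).contains(role);
        }
    }

    /** After: copy on the way in and on the way out. */
    static final class SafeAcl {
        private String[] allowedRoles = new String[0];
        private Credential[] credentials = new Credential[0];

        void setAllowedRoles(String[] roles) {
            // String is immutable, so copying the array itself is sufficient.
            this.allowedRoles = (roles == null) ? new String[0]
                                                : Arrays.copyOf(roles, roles.length);
        }

        String[] getAllowedRoles() {
            // Handing out the internal array would let callers write into it,
            // so the getter returns a copy as well.
            return Arrays.copyOf(allowedRoles, allowedRoles.length);
        }

        void setCredentials(Credential[] creds) {
            if (creds == null) {
                this.credentials = new Credential[0];
                return;
            }
            // Credential is mutable: copy each element, not just the array, or the
            // caller can still change a stored credential through its own reference.
            Credential[] copy = new Credential[creds.length];
            for (int i = 0; i < creds.length; i++) {
                copy[i] = (creds[i] == null) ? null : new Credential(creds[i]);
            }
            this.credentials = copy;
        }

        boolean hasUser(String user) {
            for (Credential c : credentials) {
                if (c != null && c.getUser().equals(user)) {
                    return true;
                }
            }
            return false;
        }

        boolean isAllowed(String role) {
            return Arrays.asList(allowedRoles).contains(role);
        }
    }

    public static void main(String[] args) {
        // The caller keeps a reference to the array it passed in.
        String[] roles = { "reader" };
        UnsafeAcl unsafe = new UnsafeAcl();
        unsafe.setAllowedRoles(roles);
        roles[0] = "admin";                       // rewrites the ACL's internal state
        System.out.println("UnsafeAcl allows admin: " + unsafe.isAllowed("admin"));

        String[] roles2 = { "reader" };
        SafeAcl safe = new SafeAcl();
        safe.setAllowedRoles(roles2);
        roles2[0] = "admin";                      // only the caller's array changes
        safe.getAllowedRoles()[0] = "admin";      // only the returned copy changes
        System.out.println("SafeAcl allows admin: " + safe.isAllowed("admin"));

        Credential[] creds = { new Credential("alice") };
        safe.setCredentials(creds);
        creds[0].setUser("mallory");              // mutates the caller's element only
        System.out.println("SafeAcl has user mallory: " + safe.hasUser("mallory"));
    }
}
```

Compile and run with `javac ArrayStoredDirectlyDemo.java && java ArrayStoredDirectlyDemo`. The UnsafeAcl check succeeds for "admin" even though only "reader" was ever passed to the setter; the SafeAcl checks stay false for both the array write and the element write, because each path in and out of the object goes through a copy. Note that `Arrays.copyOf` alone would not protect the Credential array: it copies the references, and the caller's `setUser` call would still reach the stored object, which is exactly the case the comment above raises.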