Security - the array is stored directly

I even mentioned: Sonar violation: security - the array is stored directly

My code is --->

    public final void setSelectedObjectsList(final ScheduleDTO[] selectedObjectsList)
    // Security - Array is stored directly
    // The user-supplied array 'selectedObjectsList' is stored directly.
    {
        if (selectedObjectsList != null) {
            this.selectedObjectsList = selectedObjectsList.clone();
        } else {
            this.selectedObjectsList = null;
        }
    }

This already takes care of the defensive copy, so why does Sonar yell at me directly at the function parameter?

This is not a duplicate of Sonar Violation: Security - The array is stored directly

Again, thanks for your help and time.

+4
1 answer

Not sure what Sonar is thinking, but defensive shallow copying with clone() should work fine for arrays, like Arrays.copyOf and System.arraycopy().

On the other hand, since you are already calling the array a list (selectedObjectsList), you can also make it an actual list and reorganize a bit:

    public final void setSelectedSchedules(List<ScheduleDTO> selectedSchedules) {
        this.selectedSchedules = selectedSchedules != null
                ? new ArrayList<ScheduleDTO>(selectedSchedules)
                : null;
    }

+6

Source: https://habr.com/ru/post/1484263/

