Reputation: 7576
java: implications other than security when constructor stores user-supplied array directly
I've run Sonar on a project at work and found a violation 'The user-supplied array is stored directly'.
So looking a little deeper into what that means exactly I came across lots of stuff discussing it from security perspective (for example...). So when I read or hear 'security' I'm thinking malice, cracking, data breach and other grave consequences.
But I wonder what else could go wrong, especially in a load balance environment. Would this be a reason to worry about data contamination across sessions? One customers order data getting corrupted with someone else's details, etc?
Upvotes: 1
Views: 658
Answers (1)
Reputation: 26843
Basically, you should consider this rule as very important if you're exposing a Java API to the rest of the world. The link you provided perfectly explains why (a consumer of your API would be able to change the array at any time if you don't clone it).
If violations occur in your internal implementations (that no one else will ever touch or use), you can lower the severity of the violations as there's no risk that a third-party code can modify the array. However, don't forget that code lives and evolves, and some day even your internal classes may be exposed to the rest of the world.
Upvotes: 1
Related Questions
- Java Arrays and constructors
- Array Privacy Java - Basic
- Why Array and Integer constructor are ambigious
- Very simple Q about constructors with an array object
- Array as constructor parameter
- Array declaration trick : Is it bad to use it?
- In Java why Array's class constructor is private?
- passing arrays to a constructor
- Initializing array on the fly in constructor (Java)
- constructor calling in array creation