Reputation: 4240
I even referred to: Sonar Violation: Security - Array is stored directly
My code is as follows:
    public final void setSelectedObjectsList(final ScheduleDTO[] selectedObjectsList)
    // Security - Array is stored directly
    // The user-supplied array 'selectedObjectsList' is stored directly.
    {
        if (selectedObjectsList != null) {
            this.selectedObjectsList = selectedObjectsList.clone();
        } else {
            this.selectedObjectsList = null;
        }
    }
This already takes care of the defensive copy; I wonder why Sonar is yelling at me right at the function parameter.
This is not a duplicate of Sonar Violation: Security - Array is stored directly
Again, thank you for your help and time.
Upvotes: 4
Views: 9960
Reputation: 4663
Not sure what Sonar is thinking, but defensive shallow copying with clone() should work fine for arrays, as would Arrays.copyOf and System.arraycopy().
On the other hand, since you are already calling the array a list: selectedObjectsList, you could also make it an actual list and refactor a bit:
    public final void setSelectedSchedules(List<ScheduleDTO> selectedSchedules) {
        this.selectedSchedules = selectedSchedules != null ? new ArrayList<ScheduleDTO>(selectedSchedules) : null;
    }
Upvotes: 6
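An added example, not part of either post above, showing what the "Array is stored directly" rule guards against and what the shallow copy mentioned in the answer does and does not protect. The ScheduleDTO stand-in with its mutable name field, the Holder class and the copying getter are assumptions made for illustration.

```java
import java.util.Arrays;

public class DefensiveCopyDemo {
    // Hypothetical stand-in for the question's DTO, with one mutable field.
    static final class ScheduleDTO {
        String name;
        ScheduleDTO(String name) { this.name = name; }
    }

    static final class Holder {
        private ScheduleDTO[] direct;  // stored as passed in: the pattern the rule flags
        private ScheduleDTO[] copied;  // stored via clone(), as in the question

        void setDirect(ScheduleDTO[] in) { this.direct = in; }

        void setCopied(ScheduleDTO[] in) {
            this.copied = (in != null) ? in.clone() : null;
        }

        // Copy on the way out as well, so callers never hold the internal array.
        ScheduleDTO[] getCopied() {
            return (copied != null) ? Arrays.copyOf(copied, copied.length) : null;
        }
    }

    public static void main(String[] args) {
        ScheduleDTO[] callerArray = { new ScheduleDTO("a"), new ScheduleDTO("b") };
        Holder h = new Holder();
        h.setDirect(callerArray);
        h.setCopied(callerArray);

        // 1. The caller replaces a slot after the setters returned.
        //    The directly stored array sees the new element; the clone does not.
        callerArray[0] = new ScheduleDTO("replaced");
        System.out.println("direct[0] = " + h.direct[0].name);
        System.out.println("copied[0] = " + h.getCopied()[0].name);

        // 2. The caller mutates an element object. clone() copies references only,
        //    so the holder's copy still points at the same ScheduleDTO instance.
        callerArray[1].name = "mutated";
        System.out.println("copied[1] = " + h.getCopied()[1].name);

        // 3. Writing into the array returned by the getter leaves the holder intact.
        h.getCopied()[0] = null;
        System.out.println("copied[0] still set: " + (h.getCopied()[0] != null));
    }
}
```

If the element type is mutable and callers are not trusted, copying the array alone is not enough; the elements need to be copied or made immutable as well.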