Some Java Guy
Reputation: 5118
Defensive copying help - Array is stored directly - Impact Analysis
I have fixed one Sonar security alert - Array is stored directly by
Initially
void setDerivedKey(byte[] derivedKey)
{
this.derivedKey = derivedKey;
}
To
void setDerivedKey (byte[] newDerivedKey)
{
if(newDerivedKey==null)
{ this.derivedKey = new byte[0]; }
else
{ this.derivedKey = Arrays.copyOf(newDerivedKey, newDerivedKey.length); }
}
How do I fix this
public pEngine(byte[] salt) {
byte[] mySalt = Arrays.copyOf(salt, salt.length); //Edited as per below answer
this.parameters = new pParameters("SomeValue", "SomeValue2", salt, 100); }
What is the Impact of the fix on
Performance
Memory management
Functionality
Upvotes: 0
Views: 53
Answers (1)
Thom
Reputation: 15052
I'm not sure I understand. Why not:
public pEngine(byte[] salt) {
byte[] mySalt = Arrays.copyOf(salt, salt.length);
this.parameters = new pParameters("SomeValue", "SomeValue2", mySalt, 100);
}
Upvotes: 1
Related Questions
- Mutable members should not be stored on ArrayList - Sonar vulnerability
- Java - modifying copied array also effecting orignal array
- Array copying confusion
- Returning 'data' may exposed internal array?
- Java Arrays- copying vs editing them
- Security - Array is stored directly
- Copying Arrays The Right Way
- Can I use Arrays.copyOf to make a defensive copy of a two dimensional array?
- Sonar Security - Array is stored directly :: why issue in array only in ArrayList?
- Java: most efficient way to defensively copy an int[]?