51369b610e
When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again.
38 lines
1.5 KiB
Plaintext
38 lines
1.5 KiB
Plaintext
== Why is this an issue?
|
|
|
|
Mutable objects are those whose state can be changed. For instance, an array is mutable, but a String is not. Private mutable class members should never be returned to a caller or accepted and stored directly. Doing so leaves you vulnerable to unexpected changes in your class state.
|
|
|
|
|
|
Instead use an unmodifiable ``++Collection++`` (via ``++Collections.unmodifiableCollection++``, ``++Collections.unmodifiableList++``, ...) or make a copy of the mutable object, and store or return the copy instead.
|
|
|
|
|
|
This rule checks that private arrays, collections and Dates are not stored or returned directly.
|
|
|
|
include::../noncompliant.adoc[]
|
|
|
|
include::../compliant.adoc[]
|
|
|
|
== Resources
|
|
|
|
* https://cwe.mitre.org/data/definitions/374[MITRE, CWE-374] - Passing Mutable Objects to an Untrusted Method
|
|
* https://cwe.mitre.org/data/definitions/375[MITRE, CWE-375] - Returning a Mutable Object to an Untrusted Caller
|
|
* https://wiki.sei.cmu.edu/confluence/x/OTdGBQ[CERT, OBJ05-J.] - Do not return references to private mutable class members
|
|
* https://wiki.sei.cmu.edu/confluence/x/HTdGBQ[CERT, OBJ06-J.] - Defensively copy mutable inputs and mutable internal components
|
|
* https://wiki.sei.cmu.edu/confluence/x/VzZGBQ[CERT, OBJ13-J.] - Ensure that references to mutable objects are not exposed
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|