PMD ArrayIsStoredDirectly 规则背后的推理
PMD 在 Sun Security 规则集中有一个名为 ArrayIsStoredDirectly 的规则:
接收数组的构造函数和方法应该克隆对象并存储副本。这可以防止用户将来的更改影响内部功能。
这是他们的例子:
public class Foo {
private String [] x;
public void foo (String [] param) {
// Don't do this, make a copy of the array at least
this.x=param;
}
}
我认为我不完全理解这条规则背后的推理。是因为传递的数组中的值可以在其他地方更改吗?在这方面传递集合与传递数组之间有区别吗?
PMD has a rule called ArrayIsStoredDirectly in the Sun Security ruleset:
Constructors and methods receiving arrays should clone objects and store the copy. This prevents that future changes from the user affect the internal functionality.
Here is their example:
public class Foo {
private String [] x;
public void foo (String [] param) {
// Don't do this, make a copy of the array at least
this.x=param;
}
}
I don't think I completely understand the reasoning behind this rule. Is it because the values in the array passed can be altered somewhere else? Is there a difference between passing a Collection vs passing an array in regards to this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
问题是调用者可能会保留它传递的数组参数的副本,然后可以更改其内容。如果该对象对于安全至关重要并且调用是由不受信任的代码进行的,那么您就会遇到安全漏洞。
在这种情况下,传递集合并保存它而不进行复制也将是潜在的安全风险。 (我不知道是否有 PMD 规则告诉你这一点。)
在这两种情况下,解决风险(如果它是真实的)的方法是将属性设置为参数数组或集合的副本。另一方面,如果您知道调用者始终是受信任的代码,那么复制就是浪费时间,更好的解决方案是告诉 PMD 对于该特定方法保持安静。
The problem is that the caller may keep a copy of the array argument that it passed, and can then change its contents. If the object is security critical and the call is made from untrusted code, you've got a security hole.
In this context, passing a collection and saving it without copying it would also be a potential security risk. (I don't know if there's a PMD rule to tell you this.)
In both cases, the way to address the risk (if it is real) is to set the attribute to a copy of the argument array or collection. On the other hand, if you know that the caller is always going to be trusted code, the copy is a waste of time, and a better solution would be to tell PMD to be quiet about that particular method.
传递集合或数组之间没有区别:在这两种情况下,发送者和接收者都可以修改数据结构的内容。下面是一个示例:
如果您不希望出现此行为,则必须遵循此 PMD 规则,在 Foo 中克隆数组并存储对克隆的引用。这样您就可以确保没有其他类保存对您的内部数组的引用(除非我们暂时忘记反射并且除非我们不在另一个方法中返回这个内部数组......)
There is no differnce between passing a collection or an array: in both cases sender and receiver can modify the content of the datastructure. Here's an example:
If you do not want this behaviour, you have to, following this PMD rule, clone the array in Foo and store a reference to the clone. This way you make sure, that no other class holds a reference to your internal array (unless we forget about reflection for a moment and unless we don't return this internal array in another method...)
我认为数组的主要问题是您无法控制对它的访问。
但是使用对象,您可以将成员隐藏在设置器后面,您可以控制要设置的内容。我认为这同样适用于集合,因为您需要调用
add()
并且toArray()
返回一个副本。I think the main problem with arrays is that you can not control acces to it.
But with a Object you hide members behind setters where you can control what will be set. I think the same applies to Collections because you need to call
add()
andtoArray()
returns a copy.