Posted to issues@karaf.apache.org by "Jean-Baptiste Onofré (JIRA)" <ji...@apache.org> on 2015/12/16 21:02:47 UTC

[jira] [Updated] (KARAF-4213) Public cloneable() Method Without Final ('Object Hijack')

     [ https://issues.apache.org/jira/browse/KARAF-4213?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré updated KARAF-4213:
----------------------------------------
    Description: 
HP Fortify SCA and SciTools Understand were used to perform an application security analysis on the karaf source code.

A class has a cloneable() method that is not declared final, which allows an object to be created without calling the constructor. This can cause the object to be in an unexpected state.

File: util\src\main\java\org\apache\karaf\util\collections\CopyOnWriteArrayIdentityList.java
Line: 247

CopyOnWriteArrayIdentityList.java, lines 246-255:
{code}
246 @Override
247 public Object clone() {
248     try {
249         CopyOnWriteArrayIdentityList thisClone = (CopyOnWriteArrayIdentityList) super.clone();
250         thisClone.setData(this.getData());
251         return thisClone;
252     } catch (CloneNotSupportedException e) {
253         throw new RuntimeException("CloneNotSupportedException is not expected here");
254     }
255 }
{code}

  was:
HP Fortify SCA and SciTools Understand were used to perform an application security analysis on the karaf source code.

A class has a cloneable() method that is not declared final, which allows an object to be created without calling the constructor. This can cause the object to be in an unexpected state.

File: util\src\main\java\org\apache\karaf\util\collections\CopyOnWriteArrayIdentityList.java
Line: 247

CopyOnWriteArrayIdentityList.java, lines 246-255:
246 @Override
247 public Object clone() {
248     try {
249         CopyOnWriteArrayIdentityList thisClone = (CopyOnWriteArrayIdentityList) super.clone();
250         thisClone.setData(this.getData());
251         return thisClone;
252     } catch (CloneNotSupportedException e) {
253         throw new RuntimeException("CloneNotSupportedException is not expected here");
254     }
255 }


> Public cloneable() Method Without Final ('Object Hijack')
> ---------------------------------------------------------
>
>                 Key: KARAF-4213
>                 URL: https://issues.apache.org/jira/browse/KARAF-4213
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
>
> HP Fortify SCA and SciTools Understand were used to perform an application security analysis on the karaf source code.
> A class has a cloneable() method that is not declared final, which allows an object to be created without calling the constructor. This can cause the object to be in an unexpected state.
> File: util\src\main\java\org\apache\karaf\util\collections\CopyOnWriteArrayIdentityList.java
> Line: 247
> CopyOnWriteArrayIdentityList.java, lines 246-255:
> {code}
> 246 @Override
> 247 public Object clone() {
> 248     try {
> 249         CopyOnWriteArrayIdentityList thisClone = (CopyOnWriteArrayIdentityList) super.clone();
> 250         thisClone.setData(this.getData());
> 251         return thisClone;
> 252     } catch (CloneNotSupportedException e) {
> 253         throw new RuntimeException("CloneNotSupportedException is not expected here");
> 254     }
> 255 }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
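
The behaviour the report describes, shown as an added example that is neither Karaf code nor part of the original message: `Object.clone()` builds the copy without running any constructor, and a `clone()` that is not final can be replaced by a subclass. The class names (`Registry`, `LeakyRegistry`, `SafeRegistry`) are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration. Registry, LeakyRegistry and SafeRegistry are hypothetical
// names, not Karaf classes.
public class CloneFinalDemo {
    // Weak form: public clone() that a subclass is free to override.
    static class Registry implements Cloneable {
        static int constructed = 0;
        List<String> entries = new ArrayList<>();

        Registry(String first) {
            constructed++;               // runs only for `new`, never for clone()
            entries.add(first);
        }

        @Override
        public Object clone() {
            try {
                Registry copy = (Registry) super.clone(); // constructor is skipped
                copy.entries = new ArrayList<>(entries);  // detach mutable state
                return copy;
            } catch (CloneNotSupportedException e) {
                throw new AssertionError(e);              // keep the cause
            }
        }
    }

    // Overriding clone() lets a subclass hand back an object that the caller
    // believes is an independent copy.
    static class LeakyRegistry extends Registry {
        LeakyRegistry(String first) { super(first); }
        @Override public Object clone() { return this; }
    }

    // Hardened form: a final clone() cannot be replaced further down the hierarchy.
    static class SafeRegistry extends Registry {
        SafeRegistry(String first) { super(first); }
        @Override public final Object clone() { return super.clone(); }
    }

    public static void main(String[] args) {
        Registry r = new Registry("a");
        Registry c = (Registry) r.clone();
        System.out.println(Registry.constructed);   // constructor runs so far, for two objects
        System.out.println(c.entries != r.entries); // whether the copy owns its own list
        Registry leaky = new LeakyRegistry("b");
        System.out.println(leaky.clone() == leaky); // whether the "copy" is the original
    }
}
```

Code that relies on `clone()` for a defensive copy of a subclassable type should use a copy constructor or a final class instead, since it cannot know which override it is calling.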