Security - Array is stored directly

2022-01-17 00:00:00 sonarqube java findbugs

I even referred to: Sonar Violation: Security - Array is stored directly

My code is --->

    public final void setSelectedObjectsList(final ScheduleDTO[] selectedObjectsList) {
        // Security - Array is stored directly
        // The user-supplied array 'selectedObjectsList' is stored directly.
        if (selectedObjectsList != null) {
            this.selectedObjectsList = selectedObjectsList.clone();
        } else {
            this.selectedObjectsList = null;
        }
    }

This is already taking care of the defensive copy; I wonder why Sonar is yelling at me right at the function parameter.

This is not a duplicate of Sonar Violation: Security - Array is stored directly

Again, thank you for your help and time.

Recommended answer

Not sure what Sonar is thinking, but defensive shallow copying with clone() should work fine for arrays, as would Arrays.copyOf and System.arraycopy().

On the other hand, since you are already calling the array a list (selectedObjectsList), you could also make it an actual list and refactor a bit:

    public final void setSelectedSchedules(List<ScheduleDTO> selectedSchedules) {
        this.selectedSchedules = selectedSchedules != null ? new ArrayList<ScheduleDTO>(selectedSchedules) : null;
    }
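
An added example, not part of the original question or answer, showing what the "array is stored directly" rule guards against and what the shallow copy discussed above does and does not isolate. The `ScheduleDTO` here is a hypothetical stand-in with one mutable field, and `Holder`, `setDirect` and `setCloned` are names made up for the illustration.

```java
public class DefensiveCopyDemo {
    // Hypothetical stand-in for the question's ScheduleDTO (assumed mutable).
    static final class ScheduleDTO {
        String name;
        ScheduleDTO(String name) { this.name = name; }
    }

    static final class Holder {
        private ScheduleDTO[] stored;

        // The pattern the rule flags: the caller's array becomes internal state.
        void setDirect(ScheduleDTO[] in) { this.stored = in; }

        // The question's setter: shallow defensive copy on the way in.
        void setCloned(ScheduleDTO[] in) { this.stored = (in != null) ? in.clone() : null; }

        // Copy on the way out as well, or the getter hands out the internal array.
        ScheduleDTO[] get() { return (stored != null) ? stored.clone() : null; }
    }

    public static void main(String[] args) {
        ScheduleDTO[] callerArray = { new ScheduleDTO("a"), new ScheduleDTO("b") };

        // Direct store: a later write by the caller changes the holder's state.
        Holder direct = new Holder();
        direct.setDirect(callerArray);
        callerArray[0] = new ScheduleDTO("replaced");
        System.out.println("direct store, slot 0: " + direct.get()[0].name);

        // clone(): the holder keeps its own array, so slot replacement is not seen.
        callerArray[0] = new ScheduleDTO("a");
        Holder cloned = new Holder();
        cloned.setCloned(callerArray);
        callerArray[0] = new ScheduleDTO("replaced");
        System.out.println("cloned store, slot 0: " + cloned.get()[0].name);

        // Shallow copy: both arrays still reference the same element objects,
        // so mutating an element through the caller's array is still visible.
        callerArray[1].name = "mutated";
        System.out.println("cloned store, slot 1: " + cloned.get()[1].name);
    }
}
```

If the elements must also be isolated from the caller, each one has to be copied or made immutable; `clone()`, `Arrays.copyOf` and `System.arraycopy` all copy references only.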
