
Security Code Guidelines

These rules check the security guidelines from Sun, published at http://java.sun.com/security/seccodeguide.html#gcg

MethodReturnsInternalArray

Since: PMD 2.2

Priority: 3

Exposing internal arrays to the caller violates object encapsulation since elements can be removed or replaced outside of the object that owns it. It is safer to return a copy of the array.

This rule is defined by the following Java class: net.sourceforge.pmd.lang.java.rule.sunsecure.MethodReturnsInternalArrayRule

Example(s):

public class SecureSystem {
  UserData[] ud;
  public UserData[] getUserData() {
      // Don't return the internal array directly; return a copy instead
      return ud;
  }
}

This rule has the following properties:

Name                    Default Value   Description
violationSuppressRegex                  Suppress violations with messages matching a regular expression.
violationSuppressXPath                  Suppress violations on nodes which match a given relative XPath expression.

ArrayIsStoredDirectly

Since: PMD 2.2

Priority: 3

Constructors and methods receiving arrays should clone the array and store the copy. This prevents later changes made by the caller to the array it passed in from affecting the array held by the object.

This rule is defined by the following Java class: net.sourceforge.pmd.lang.java.rule.sunsecure.ArrayIsStoredDirectlyRule

Example(s):

public class Foo {
  private String[] x;
  public void foo(String[] param) {
      // Don't do this; at least make a copy of the array before storing it
      this.x = param;
  }
}

This rule has the following properties:

Name                    Default Value   Description
violationSuppressRegex                  Suppress violations with messages matching a regular expression.
violationSuppressXPath                  Suppress violations on nodes which match a given relative XPath expression.
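The following is an added example, not part of the PMD documentation or the PMD project's code: one class written so that neither MethodReturnsInternalArray nor ArrayIsStoredDirectly fires, with a main() that demonstrates why the defensive copies matter. The class and field names (DefensiveCopies, UserData, users) are made up for this example.

```java
import java.util.Arrays;

public class DefensiveCopies {

    // Hypothetical element type; immutable, so a shallow array copy is enough.
    public static final class UserData {
        private final String name;
        UserData(String name) { this.name = name; }
        @Override public String toString() { return name; }
    }

    private final UserData[] users;

    // ArrayIsStoredDirectly: clone the incoming array instead of keeping the
    // caller's reference, so the caller cannot swap elements behind our back
    // by writing to the array it passed in.
    public DefensiveCopies(UserData[] users) {
        // clone() copies the array object only; if the elements themselves
        // were mutable, a deep copy would be needed as well.
        this.users = users.clone();
    }

    // MethodReturnsInternalArray: hand out a copy, so writes to the returned
    // array cannot modify this object's state.
    public UserData[] getUsers() {
        return Arrays.copyOf(users, users.length);
    }

    public int count() { return users.length; }

    public static void main(String[] args) {
        UserData[] input = { new UserData("alice"), new UserData("bob") };
        DefensiveCopies sys = new DefensiveCopies(input);

        // The caller overwrites an element of the array it passed in;
        // the stored copy is unaffected.
        input[0] = new UserData("mallory");
        System.out.println(Arrays.toString(sys.getUsers()));

        // The caller overwrites an element of the array it received;
        // the next call still returns the original contents.
        UserData[] out = sys.getUsers();
        out[1] = null;
        System.out.println(Arrays.toString(sys.getUsers()));
    }
}
```

Replacing `users.clone()` with `this.users = users`, or `Arrays.copyOf(...)` with `return users`, reintroduces the aliasing each rule flags, and the second print in each pair then reflects the caller's mutation.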