Findbugs [Malicious code vulnerability | EI_EXPOSE_REP2] not thrown on self written classes
Question
We have implemented SpotBugs into our applications yesterday. Most of our bugs were [Malicious code vulnerability | EI_EXPOSE_REP2]...may expose internal representation by storing an externally mutable object into...
We understand this, but what we don't understand is that these bugs were only thrown on Date classes. We have self-written classes which are held by other classes, and this bug was not thrown there.
Why does it handle Date differently than self-written classes? The other classes are not immutable either. We mainly use Lombok for getters, setters and builders.
Thanks
Answer 1
Score: 0
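Example

```java
import java.util.Date;

class MyClass {
    private Date billDate;

    // Flagged by EI_EXPOSE_REP2: the field keeps the caller's own Date instance.
    public void setBillDate(Date billDate) {
        this.billDate = billDate;
    }
}
```

The solution is `this.billDate = new Date(billDate.getTime());`

```java
import java.util.Date;

class MyClass {
    private Date billDate;

    // Defensive copy: the field holds a new Date with the same time value.
    public void setBillDate(Date billDate) {
        this.billDate = new Date(billDate.getTime());
    }
}
```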
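An added example (not part of the original answer and not SpotBugs code) showing that the aliasing EI_EXPOSE_REP2 describes affects any mutable type, a self-written class as much as `Date`, whether or not a tool reports it. `Customer`, `SharedInvoice` and `CopyingInvoice` are hypothetical names, the values are constructed, and the null checks are an addition to the answer's copy.

```java
import java.util.Date;

public class ExposeRepDemo {
    // Hypothetical self-written mutable class, standing in for the asker's own types.
    static class Customer {
        private String name;
        Customer(String name) { this.name = name; }
        Customer(Customer other) { this.name = other.name; } // copy constructor
        String getName() { return name; }
        void setName(String name) { this.name = name; }
    }

    // Stores the caller's references directly: the pattern EI_EXPOSE_REP2 describes.
    static class SharedInvoice {
        private Date billDate;
        private Customer customer;
        void setBillDate(Date d) { this.billDate = d; }
        void setCustomer(Customer c) { this.customer = c; }
        long billMillis() { return billDate.getTime(); }
        String customerName() { return customer.getName(); }
    }

    // Copies on the way in, so later changes by the caller do not reach the fields.
    static class CopyingInvoice {
        private Date billDate;
        private Customer customer;
        void setBillDate(Date d) { this.billDate = (d == null) ? null : new Date(d.getTime()); }
        void setCustomer(Customer c) { this.customer = (c == null) ? null : new Customer(c); }
        long billMillis() { return billDate.getTime(); }
        String customerName() { return customer.getName(); }
    }

    public static void main(String[] args) {
        Date date = new Date(1_000L);               // constructed sample values
        Customer customer = new Customer("Alice");
        SharedInvoice shared = new SharedInvoice();
        shared.setBillDate(date);
        shared.setCustomer(customer);
        CopyingInvoice copying = new CopyingInvoice();
        copying.setBillDate(date);
        copying.setCustomer(customer);
        // The caller mutates its own objects after handing them over.
        date.setTime(9_000L);
        customer.setName("Mallory");

        System.out.println(shared.billMillis() + " " + shared.customerName());
        System.out.println(copying.billMillis() + " " + copying.customerName());
    }
}
```

The first line printed reflects the caller's later changes to both the `Date` and the `Customer`; the second keeps the values that were passed to the setters.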