import java.util.Date;
import java.util.Hashtable;
import java.util.List;
import java.util.LinkedList;
import java.util.ArrayList;
import java.util.Arrays;
import com.google.common.collect.ImmutableCollection;
import java.util.Collections;
// Analyzer fixture covering getters and setters that hand out or keep references to
// mutable internal state. The trailing markers on flagged lines appear to be test
// expectations (message text and column hints), so they are left exactly as written.
// NOTE(review): this is analyzer input rather than runnable code; setStrings assigns an
// uninitialized local, which javac would reject.
class A {
// Arrays are always mutable, so "private" protects this only while the reference
// never leaves the class.
private String[] strings;
// Public array field: any caller can replace it or overwrite its elements directly.
// The fixture carries no marker on this line.
public String[] properties;
// Mutable list held as internal state.
private List<String> list = new LinkedList<>();
// coverage
private static List<String> staticList = null;
private List<String> otherList = staticList;
// Raw Guava ImmutableCollection (no type argument).
private ImmutableCollection ic;
// Fills both arrays with literal values.
public A () {
strings = new String[]{"first", "second"};
properties = new String[]{"a"};
}
// Returns the field itself, so the caller receives an alias and can overwrite
// elements of the private array without going through this class.
public String [] getStrings() {
return strings; // Noncompliant [[sc=12;ec=19]] {{Return a copy of "strings".}}
}
// Aliases the caller's array into a local variable only; nothing is stored in a field,
// yet the fixture still expects a report on the assignment.
public void other(String[] given) {
String[] doSomething = given; // Noncompliant [[sc=28;ec=33]] {{Store a copy of "given".}}
return;
}
// Keeps the caller's array as internal state: the caller still holds the same reference
// and can change the contents later, after any check this class might have applied.
public void setStrings(String [] strings) {
this.strings = strings; // Noncompliant {{Store a copy of "strings".}}
// The second assignment uses a local and carries no marker.
String[] local;
this.strings = local;
}
// Stores the argument without copying and carries no marker; presumably accepted
// because the declared type is an immutable collection - confirm against the rule.
public void setImmutableCollection(ImmutableCollection ic) {
this.ic = ic;
}
// Returns the live LinkedList, so callers can add, remove or clear entries.
public List<String> foo() {
return list; // Noncompliant
}
// Returns a read-only wrapper and carries no marker. The wrapper is a view, not a
// snapshot: later changes to "list" remain visible through it. Elements here are
// Strings, which are immutable; mutable element types would still be shared.
public List<String> foo2() {
List<String> plop = Collections.unmodifiableList(list);
return plop;
}
}
// Counterpart to class A: the array is copied on the way out and on the way in, so
// neither side ends up holding the other's reference.
class C {
private String [] strings;
// Fills the array with literal values.
public C () {
strings = new String[]{"first", "second"};
}
// Returns a fresh array. clone() on an array is a shallow copy, which is sufficient
// here because String elements are immutable.
public String [] getStrings() {
return strings.clone();
}
// Stores a private copy of the caller's array, so later writes by the caller do not
// reach this object. A null argument makes clone() throw NullPointerException.
public void setStrings(String [] strings) {
this.strings = strings.clone(); // Compliant
}
}
// Examples coming from CERT
// Holds a java.util.Date, which is mutable (for example through setTime), and shows
// one getter that leaks it next to one that copies it.
class MutableClass {
private Date d;
// Creates the Date internally; no caller-supplied instance is ever stored.
public MutableClass() {
d = new Date();
}
// Returns the field itself, so a caller can change the stored instant in place.
public Date getDate() {
return d; // Noncompliant {{Return a copy of "d".}}
}
// Returns a copy, so changes made by the caller do not reach the field. clone() is
// reasonable here because "d" is created by this class; Date is not final, so for a
// Date received from a caller, new Date(x.getTime()) avoids running a subclass's
// clone() override.
public Date getDateOK() {
return (Date)d.clone();
}
}
// Array-of-mutable-objects case: both the array and each Date element can be changed
// by whoever holds a reference.
class MutableClass2 {
private Date[] date;
// Allocates 20 slots and fills each with a new Date.
public MutableClass2() {
date = new Date[20];
for (int i = 0; i < date.length; i++) {
date[i] = new Date();
}
}
// Returns the internal array, exposing both the slots and the Date objects in them.
public Date[] getDate() {
return date; // Noncompliant {{Return a copy of "date".}}
}
// Deep copy: a new array whose elements are clones of the originals. Cloning only the
// array would still share the mutable Date elements with the caller.
public Date[] getDateOK() {
Date[] dates = new Date[date.length];
for (int i = 0; i < date.length; i++) {
dates[i] = (Date) date[i].clone();
}
return dates;
}
}
// Map-shaped internal state that may be sensitive, with a leaking getter next to a
// copying one.
class ReturnRef {
// Internal state, may contain sensitive data
private Hashtable<Integer,String> ht = new Hashtable<Integer,String>();
// Seeds the table with one sample entry.
private ReturnRef() {
ht.put(1, "123-45-6666");
}
// Returns the live table: a caller can read, alter, remove or add entries, and those
// changes become this object's state.
public Hashtable<Integer,String> getValues(){
return ht; // Noncompliant {{Return a copy of "ht".}}
}
// Returns a clone of the table. The copy is shallow, which is enough for immutable
// String values; mutable value types would need copying per entry. clone() returns
// Object, so the cast is unchecked. Unlike getValues, this method is private.
private Hashtable<Integer,String> getValuesOK(){
return (Hashtable<Integer, String>) ht.clone(); // shallow copy
}
}
// Static-field cases: which returned fields are expected to be accepted and which
// reported, depending on whether the field is final and what it is initialised with.
// NOTE(review): foo3 returns an ImmutableCollection where List<String> is declared,
// which javac would reject; the class reads as analyzer input, not runnable code.
class Fields {
// Final, and wrapped at the declaration. The Arrays.asList backing list is not kept
// anywhere else in this class, so nothing visible here can write through it.
private static final List<String> UNMODIFIABLE = Collections.unmodifiableList(Arrays.asList("A", "B", "C"));
// Final, assigned in the static initializer below rather than at the declaration.
private static final List<String> UNMODIFIABLE2;
private static final Object UNMODIFIABLE_OBJECT;
static {
UNMODIFIABLE2 = Collections.unmodifiableList(Arrays.asList("A", "B", "C"));
UNMODIFIABLE_OBJECT = UNMODIFIABLE2;
}
// Declared as Guava's ImmutableCollection; the initialiser method returns null.
private static final ImmutableCollection UNMODIFIABLE3 = getImmutableCollection();
// "final" fixes only the reference; the ArrayList contents remain changeable.
private static final List<String> MODIFIABLE = new ArrayList<>();
private static final List<String> MODIFIABLE2;
static {
MODIFIABLE2 = new ArrayList<>();
}
// Holds an unmodifiable wrapper, but the field is not final and could be reassigned.
private static List<String> unmodifiable_not_final = Collections.unmodifiableList(Arrays.asList("A", "B", "C"));
// Final field initialised with an unmodifiable wrapper at its declaration.
public List<String> foo1() {
return UNMODIFIABLE; // Compliant
}
// Same as foo1, with the wrapper assigned in a static initializer.
public List<String> foo2() {
return UNMODIFIABLE2; // Compliant
}
// Final field whose declared type is an immutable collection.
public List<String> foo3() {
return UNMODIFIABLE3; // Compliant
}
// Reported although the current value is an unmodifiable wrapper; presumably because
// a non-final field gives no guarantee about what it refers to - confirm.
public List<String> bar1() {
return unmodifiable_not_final; // Noncompliant
}
// Returns the shared static ArrayList; any caller can modify it for every other user
// of the class.
public List<String> bar2() {
return MODIFIABLE; // Noncompliant
}
// Same as bar2, with the ArrayList assigned in a static initializer.
public List<String> bar3() {
return MODIFIABLE2; // Noncompliant
}
// Stub used to initialise UNMODIFIABLE3; always returns null.
private static ImmutableCollection getImmutableCollection() {
return null;
}
}