FindBugs: real threat behind EI_EXPOSE_REP

Question

FindBugs raises a bug called EI_EXPOSE_REP with the following description:

EI: May expose internal representation by returning a reference to a mutable object

Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is a better approach in many situations.

Several questions on SO (1, 2 and 3) have already addressed how to avoid such bug and I understand that it is a development best practice to prevent modifications of immutable objects however it is not clear to me why such bug belongs to the MALICIOUS_CODE category.

What is the real threat behind this?

If it's a malicious code problem, the attacker can do almost anything he wants and mutability wouldn't be the biggest problem. If it is a vulnerability, it can be exploited only if untrusted code is executed also and I can't see any use case where this is true.

Any thoughts on this?

Thanks!

Recommended answer

The point is that any time you open up an implementation you run the risk of code doing damage, intentionally or otherwise. Obviously a malicious library user, for example, could just disassemble your jar and learn details that way–the point is to minimize the risk of exposure: it cannot be eliminated.

A trivial example of external code accessing your library:

Consider something simple like an object that holds an access level. If it was mutable, it's conceivable a library user could set their own access level. Something this trivial would rarely be exposed by any reasonable library, but it's a clear example of when an internal representation might be abused.

The bottom line is that exposed mutable state makes code difficult to reason about, and difficult to protect. Your code or others may accidentally, or deliberately, modify something your own code/library uses. If your library then changes its behavior without taking that into account, you may introduce a subtle (or not so subtle) bug.
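A concrete version of the access-level example from the answer, added here as an illustration and not part of the original question or answer: a class whose getter hands out its internal role Set (the pattern FindBugs reports as EI_EXPOSE_REP) beside a version that returns a defensive copy. Class and method names are hypothetical.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

public class ExposeRepDemo {

    /** Leaky version: the getter returns the field itself (hypothetical class). */
    static final class LeakySession {
        private final Set<String> roles = new HashSet<>();

        LeakySession(String... initial) { Collections.addAll(roles, initial); }

        // FindBugs flags this as EI_EXPOSE_REP: every caller now shares our state.
        Set<String> getRoles() { return roles; }

        boolean isAdmin() { return roles.contains("ADMIN"); }
    }

    /** Hardened version: callers only ever see a read-only copy. */
    static final class SafeSession {
        private final Set<String> roles;

        SafeSession(String... initial) {
            // Copy on the way in too, so no outside reference aliases the field.
            this.roles = new HashSet<>(Arrays.asList(initial));
        }

        // Fresh copy wrapped read-only: a write attempt fails loudly instead of
        // silently changing the session's access level.
        Set<String> getRoles() {
            return Collections.unmodifiableSet(new HashSet<>(roles));
        }

        boolean isAdmin() { return roles.contains("ADMIN"); }
    }

    public static void main(String[] args) {
        LeakySession leaky = new LeakySession("USER");
        leaky.getRoles().add("ADMIN");      // the caller's write lands in our field
        System.out.println("leaky isAdmin: " + leaky.isAdmin());

        SafeSession safe = new SafeSession("USER");
        try {
            safe.getRoles().add("ADMIN");   // rejected by the unmodifiable view
        } catch (UnsupportedOperationException e) {
            System.out.println("safe: mutation rejected");
        }
        System.out.println("safe isAdmin: " + safe.isAdmin());
    }
}
```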
