安全性-阵列直接存储 [英] Security - Array is stored directly

问题描述

我什至提到:>声纳违规:安全性-阵列直接存储

我的代码为--->

    public final void setSelectedObjectsList(final ScheduleDTO[] selectedObjectsList) 
               //      Security - Array is stored directly    
               //The user-supplied array 'selectedObjectsList' is stored directly.      
{
            if (selectedObjectsList != null) {
                this.selectedObjectsList = selectedObjectsList.clone();
            } else {
                this.selectedObjectsList = null;
            }
        }

这已经在考虑防御性复制了，想知道为什么声纳会在功能参数上对我大喊大叫.

This is already taking care of defensive copy wonder why sonar is yelling at me right at function parameter.

这不是重复的 >违反声纳:安全-阵列直接存储

再次感谢您的帮助和时间.

Again, Thank-you for your hyelp and time.

推荐答案

不确定Sonar的想法，但使用clone()进行防御性浅层复制应该可以很好地用于数组，就像Arrays.copyOf和System.arrayCopy()一样.

Not sure what Sonar is thinking but defensive shallow copying with clone() should work fine for arrays, as would Arrays.copyOf and System.arrayCopy().

另一方面，由于您已经将数组称为列表:selectedObjectsList，因此您也可以将其设为实际列表并进行一些重构:

On the other hand, since you are already calling the array a list: selectedObjectsList, you could also make it an actual list and refactor a bit:

public final void setSelectedSchedules(List<ScheduleDTO> selectedSchedules) {
    this.selectedSchedules = selectedSchedules != null ? new ArrayList<ScheduleDTO>(selectedSchedules) : null;
}

这篇关于安全性-阵列直接存储的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！