Security - Array is stored directly
Problem description
I even referred to: Sonar Violation: Security - Array is stored directly
My code is --->
    public final void setSelectedObjectsList(final ScheduleDTO[] selectedObjectsList)
    // Security - Array is stored directly
    // The user-supplied array 'selectedObjectsList' is stored directly.
    {
        if (selectedObjectsList != null) {
            this.selectedObjectsList = selectedObjectsList.clone();
        } else {
            this.selectedObjectsList = null;
        }
    }
This is already taking care of the defensive copy; I wonder why Sonar is yelling at me right at the function parameter.
This is not a duplicate of: Sonar Violation: Security - Array is stored directly
Again, thank you for your help and time.
Recommended answer
Not sure what Sonar is thinking, but defensive shallow copying with clone() should work fine for arrays, as would Arrays.copyOf and System.arraycopy().
On the other hand, since you are already calling the array a list (selectedObjectsList), you could also make it an actual list and refactor a bit:
    public final void setSelectedSchedules(List<ScheduleDTO> selectedSchedules) {
        this.selectedSchedules = selectedSchedules != null ? new ArrayList<ScheduleDTO>(selectedSchedules) : null;
    }
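As an added example (not code from the question or the answer), the following Java program shows the aliasing that the "Array is stored directly" rule is about and what the shallow copy from clone() or Arrays.copyOf does and does not protect. The ScheduleDTO stub and the DirectHolder, CopyingHolder and ArrayStoreDemo names are assumptions made for the demonstration.

```java
import java.util.Arrays;

public class ArrayStoreDemo {
    // Minimal stand-in for the asker's DTO (assumption, not the real class).
    static final class ScheduleDTO {
        String name;
        ScheduleDTO(String name) { this.name = name; }
    }

    // The pattern the Sonar rule targets: the field aliases the caller's array.
    static final class DirectHolder {
        private ScheduleDTO[] selected;
        void setSelected(ScheduleDTO[] in) { this.selected = in; }
        ScheduleDTO first() { return selected[0]; }
    }

    // Defensive shallow copy, equivalent to the clone() call in the question.
    static final class CopyingHolder {
        private ScheduleDTO[] selected;
        void setSelected(ScheduleDTO[] in) {
            this.selected = (in == null) ? null : Arrays.copyOf(in, in.length);
        }
        ScheduleDTO first() { return selected[0]; }
    }

    public static void main(String[] args) {
        ScheduleDTO[] callerArray = { new ScheduleDTO("original") };
        DirectHolder direct = new DirectHolder();
        CopyingHolder copying = new CopyingHolder();
        direct.setSelected(callerArray);
        copying.setSelected(callerArray);

        // The caller swaps an element after handing the array over.
        // DirectHolder observes the swap; CopyingHolder keeps its own slots.
        callerArray[0] = new ScheduleDTO("replaced");
        System.out.println("direct holder sees:  " + direct.first().name);
        System.out.println("copying holder sees: " + copying.first().name);

        // Shallow-copy limit: the copied array still references the same
        // element objects, so mutating an element is visible through the copy.
        ScheduleDTO shared = new ScheduleDTO("shared");
        copying.setSelected(new ScheduleDTO[] { shared });
        shared.name = "mutated";
        System.out.println("after element mutation: " + copying.first().name);
    }
}
```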