为什么要返回this.variable不是一个漏洞?
[英]Why is returning this.variable not a vulnerability?
问题描述
Sonar rule squid:S2384 raises an issue on this code: 
声纳规则squid:S2384引发了这个代码的问题:
public Date getCreatedOn() {
return createdOn;
}
following the rule Mutable members should not be stored or returned directly 遵循规则不应存储或直接返回Mutable成员
I understand that we should not return the original, instead we should return a copy of the object. 我明白我们不应该返回原文,而是应该返回该对象的副本。
On the other hand, Sonar does not raise an issue on this code: 另一方面,Sonar没有就此代码提出问题:
public Date getCreatedOn() {
return this.createdOn;
}
What makes this code different? 是什么让这个代码不同?
Are we not returning the original copy in the 2nd case? 我们是不是在第二种情况下退回原件?
2 个解决方案
解决方案1
10 已采纳 2017-08-09 09:22:31
This is a deficiency in a way how SonarJava (Java static code analyzer used in SonarQube platform) detects this issue. 这是SonarJava(SonarQube平台中使用的Java静态代码分析器)检测到此问题的方式的缺陷。 I created following ticket to improve the implementation to cover cases when field is returned using this . 我创建了以下故障单以改进实现,以涵盖使用this字段返回字段时的情况。
https://jira.sonarsource.com/browse/SONARJAVA-2424 https://jira.sonarsource.com/browse/SONARJAVA-2424
解决方案2
-2 2017-08-09 07:58:46
the code you have shared is same. 您共享的代码是相同的。 but the link you have shared is different. 但是你分享的链接是不同的。
if a class have data-member of reference type and it is mutable and when we are returning directly we are referring the same object, so it can be modified. 如果一个类具有引用类型的数据成员并且它是可变的,并且当我们直接返回时,我们引用相同的对象,因此可以修改它。 It is better to return value of an object by another object. 最好用另一个对象返回一个对象的值。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.