Problem description
I even referred to: Sonar Violation: Security - Array is stored directly
My code is:
public final void setSelectedObjectsList(final ScheduleDTO[] selectedObjectsList) // Security - Array is stored directly
// The user-supplied array 'selectedObjectsList' is stored directly.
{
    if (selectedObjectsList != null) {
        this.selectedObjectsList = selectedObjectsList.clone();
    } else {
        this.selectedObjectsList = null;
    }
}
This is already taking care of the defensive copy; I wonder why Sonar is yelling at me right at the function parameter.
This is not a duplicate of Sonar Violation: Security - Array is stored directly
Again, thank you for your help and time.
Recommended answer
Not sure what Sonar is thinking but defensive shallow copying with clone() should work fine for arrays, as would Arrays.copyOf and System.arrayCopy().
On the other hand, since you are already calling the array a list: selectedObjectsList, you could also make it an actual list and refactor a bit:
public final void setSelectedSchedules(List<ScheduleDTO> selectedSchedules) {
    this.selectedSchedules = selectedSchedules != null
            ? new ArrayList<ScheduleDTO>(selectedSchedules)
            : null;
}
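The aliasing that the "Array is stored directly" rule targets, and the limit of a shallow copy, shown as an added example that is not part of the original question or answer. The ScheduleDTO and Holder classes here are hypothetical stand-ins, since the page does not show the real ones.

```java
import java.util.Arrays;

public class DefensiveCopyDemo {
    // Hypothetical stand-in for the question's ScheduleDTO (its fields are not on the page).
    static final class ScheduleDTO {
        String name;
        ScheduleDTO(String name) { this.name = name; }
    }

    // Hypothetical owner class with both setter styles side by side.
    static final class Holder {
        private ScheduleDTO[] direct;  // stored without a copy: the pattern the rule flags
        private ScheduleDTO[] copied;  // stored via clone(), as in the question

        void setDirect(ScheduleDTO[] a) { this.direct = a; }
        void setCopied(ScheduleDTO[] a) { this.copied = (a != null) ? a.clone() : null; }

        // The getter copies too, otherwise the internal array leaks out the other way.
        ScheduleDTO[] getCopied() { return (copied != null) ? copied.clone() : null; }

        String directName(int i) { return direct[i].name; }
        String copiedName(int i) { return copied[i].name; }
    }

    public static void main(String[] args) {
        ScheduleDTO[] input = { new ScheduleDTO("morning"), new ScheduleDTO("evening") };
        Holder h = new Holder();
        h.setDirect(input);
        h.setCopied(input);

        // The caller replaces a slot after the setters have returned.
        input[0] = new ScheduleDTO("replaced");
        // The directly stored array sees the replacement; the cloned one does not.
        System.out.println("direct: " + h.directName(0) + ", copied: " + h.copiedName(0));

        // clone() is shallow: both arrays still reference the same element objects,
        // so mutating an element through the caller's array is visible inside Holder.
        input[1].name = "mutated";
        System.out.println("copied after element mutation: " + h.copiedName(1));

        // Copy each element as well when elements are mutable and must be isolated.
        ScheduleDTO[] deep = Arrays.stream(h.getCopied())
                .map(s -> new ScheduleDTO(s.name))
                .toArray(ScheduleDTO[]::new);
        input[1].name = "mutated again";
        System.out.println("deep copy keeps: " + deep[1].name);
    }
}
```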