CWE-580 clone() Method Without super.clone()
Structure: Simple
Abstraction: Variant
Status: Draft
Likelihood of Exploit: unknown
Description
The software contains a clone() method that does not call super.clone() to obtain the new object.
Extended Description
All implementations of clone() should obtain the new object by calling super.clone(). Object.clone() allocates an instance of the runtime class of the receiver, so this convention is what lets a subclass's clone() return an object of the subclass's own type. If a class does not follow this convention, a subclass's clone() method will return an object of the wrong type.
Related Weaknesses
- ChildOf CWE-664 (View 1000, Primary)
- ChildOf CWE-573 (View 1000)
- ChildOf CWE-573 (View 699)
Applicable Platforms
Language: Java (Prevalence: Undetermined)
Common Consequences
Scope | Impact | Notes |
---|---|---|
Integrity, Other | Unexpected State, Quality Degradation | |
Potential Mitigations
- Phase: Implementation. Call super.clone() within your clone() method when obtaining the new object.
- Phase: Implementation. In some cases, you can eliminate the clone() method altogether and use copy constructors instead.
Demonstrative Examples
Example
The following two classes demonstrate a bug introduced by not calling super.clone(). Because Kibitzer.clone() allocates a Kibitzer directly, FancyKibitzer's clone() method will return an object of type Kibitzer instead of FancyKibitzer, even though FancyKibitzer itself follows the convention.

Bad code (Java):

```java
public class Kibitzer implements Cloneable {
    // Bug: allocates a Kibitzer directly instead of calling super.clone()
    public Object clone() throws CloneNotSupportedException {
        Object returnMe = new Kibitzer();
        return returnMe;
    }
}

public class FancyKibitzer extends Kibitzer {
    // Looks correct, but super.clone() resolves to Kibitzer.clone() above,
    // which always builds a plain Kibitzer, never a FancyKibitzer
    public Object clone() throws CloneNotSupportedException {
        Object returnMe = super.clone();
        return returnMe;
    }
}
```
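As an added example (not part of the CWE entry), the two classes rewritten so that the base clone() follows the super.clone() convention described above, together with the copy-constructor alternative from the mitigations. Only the names Kibitzer and FancyKibitzer come from the entry; the fields, the CloneDemo wrapper class, CopyKibitzer and the main() checks are assumptions made for the demonstration.

```java
// Added example: corrected versions of the classes from the CWE entry.
// Class names Kibitzer and FancyKibitzer are from the entry; all other
// names and fields are assumed for this demonstration.
public class CloneDemo {

    static class Kibitzer implements Cloneable {
        int volume = 1;

        @Override
        public Kibitzer clone() {
            try {
                // super.clone() chains up to Object.clone(), which allocates an
                // instance of the runtime class of 'this'. A FancyKibitzer calling
                // this method therefore gets a FancyKibitzer back.
                return (Kibitzer) super.clone();
            } catch (CloneNotSupportedException e) {
                // Cannot happen: this class implements Cloneable
                throw new AssertionError("Kibitzer implements Cloneable", e);
            }
        }
    }

    static class FancyKibitzer extends Kibitzer {
        String hat = "fez";

        @Override
        public FancyKibitzer clone() {
            // Covariant return type; the cast is safe because Object.clone()
            // preserves the runtime class of the receiver.
            return (FancyKibitzer) super.clone();
        }
    }

    // Second mitigation from the entry: a copy constructor instead of clone().
    // No Cloneable, no casts, and subclasses must provide their own constructor,
    // so the wrong-type problem cannot arise silently.
    static class CopyKibitzer {
        final int volume;

        CopyKibitzer(int volume) {
            this.volume = volume;
        }

        CopyKibitzer(CopyKibitzer other) {
            this(other.volume);
        }
    }

    // Returns true when the clone has the subclass type, is a distinct object,
    // and carries the subclass field; this is the check that fails for the
    // buggy version in the entry.
    static boolean cloneKeepsSubclassType() {
        FancyKibitzer original = new FancyKibitzer();
        original.hat = "top hat";
        Kibitzer copy = original.clone();
        return copy instanceof FancyKibitzer
                && copy != original
                && "top hat".equals(((FancyKibitzer) copy).hat);
    }

    static boolean copyConstructorCopies() {
        CopyKibitzer c1 = new CopyKibitzer(7);
        CopyKibitzer c2 = new CopyKibitzer(c1);
        return c2 != c1 && c2.volume == c1.volume;
    }

    public static void main(String[] args) {
        System.out.println("clone keeps subclass type: " + cloneKeepsSubclassType());
        System.out.println("copy constructor copies:   " + copyConstructorCopies());
    }
}
```

Compile and run with `javac CloneDemo.java && java CloneDemo`. Replacing the body of Kibitzer.clone() with `return new Kibitzer();` (the pattern the entry flags) makes cloneKeepsSubclassType() return false: the copy is a plain Kibitzer, the instanceof test fails, and the cast in FancyKibitzer.clone() throws a ClassCastException. A simple code-review check for this weakness is therefore: every clone() body in a Cloneable hierarchy must contain a super.clone() call and never a constructor call for its own class.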
Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
Software Fault Patterns | SFP28 | | Unexpected access points |
Source: scap中文网 (article reproduced from the Internet)