Security Code Guidelines

These rules check the security guidelines from Sun, published at http://java.sun.com/security/seccodeguide.html#gcg

MethodReturnsInternalArray

Since: PMD 2.2

Exposing internal arrays to the caller violates object encapsulation since elements can be removed or replaced outside of the object that owns it. It is safer to return a copy of the array.

This rule is defined by the following Java class:net.sourceforge.pmd.lang.java.rule.sunsecure.MethodReturnsInternalArrayRule

Example(s):
  
public class SecureSystem {
  UserData [] ud;
  public UserData [] getUserData() {
      // Don't return directly the internal array, return a copy
      return ud;
  }
}
  
      

This rule has the following properties:

Name Default Value Description
violationSuppressRegex Suppress violations with messages matching a regular expression
violationSuppressXPath Suppress violations on nodes which match a given relative XPath expression.

ArrayIsStoredDirectly

Since: PMD 2.2

Constructors and methods receiving arrays should clone objects and store the copy. This prevents future changes from the user from affecting the original array.

This rule is defined by the following Java class:net.sourceforge.pmd.lang.java.rule.sunsecure.ArrayIsStoredDirectlyRule

Example(s):
  
public class Foo {
  private String [] x;
    public void foo (String [] param) {
      // Don't do this, make a copy of the array at least
      this.x=param;
    }
}
  
      

This rule has the following properties:

Name Default Value Description
violationSuppressRegex Suppress violations with messages matching a regular expression
violationSuppressXPath Suppress violations on nodes which match a given relative XPath expression.