admin 管理员组文章数量: 1086019
Small question regarding a Spotbugs finding I am having a hard time fixing.
In this super simple class:
import io.micrometer.observation.ObservationRegistry;
@Service
public final class MyService {
private final ObservationRegistry observationRegistry;
public MyService(final ObservationRegistry registry) {
this.observationRegistry = registry;
}
I am getting flagged on the observationRegistry with
may expose internal representation by storing an externally mutable object into MyService.observationRegistry
I tried invoking a possible clone() method on the registry, but no luck.
How do I fix this?
Small question regarding a Spotbugs finding I am having a hard time fixing.
In this super simple class:
import io.micrometer.observation.ObservationRegistry;
@Service
public final class MyService {
private final ObservationRegistry observationRegistry;
public MyService(final ObservationRegistry registry) {
this.observationRegistry = registry;
}
I am getting flagged on the observationRegistry with
may expose internal representation by storing an externally mutable object into MyService.observationRegistry
I tried invoking a possible clone() method on the registry, but no luck.
How do I fix this?
Share Improve this question asked Mar 27 at 22:04 PatPandaPatPanda 5,12828 gold badges116 silver badges251 bronze badges 01 Answer
Reset to default 1Did you read the whole description? https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#ei2-may-expose-internal-representation-by-incorporating-reference-to-mutable-object-ei-expose-rep2
EI2: May expose internal representation by incorporating reference to mutable object (EI_EXPOSE_REP2) This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations.
The whole point here is making internal data available externally, I'm not sure this is valid here since "untrusted code" might be able to just "attack" your registered handlers or read their outputs. Also, I might misunderstand this but if your instances can be accessed by "untrusted code", I'm not sure this will save you from anything. I guess the solution here is rather not adding sensitive data to your Observations (and supress the warning).
本文标签:
版权声明:本文标题:findbugs - Spotbugs + Java: EI_EXPOSE_REP2 may expose internal representation by storing an externally mutable object into MySer 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://roclinux.cn/p/1744065753a2527561.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论