MET05 | 您所在的位置:网站首页 › clone should not be overridden › MET05 |
According to The Java Language Specification, 搂12.5, "Creation of New Class Instances" [JLS 2015]: Unlike C++, the Java programming language does not specify altered rules for method dispatch during the creation of a new class instance. If methods are invoked that are overridden in subclasses in the object being initialized, then these overriding methods are used, even before the new object is completely initialized. Invocation of an overridable method during object construction may result in the use of uninitialized data, leading to runtime exceptions or to unanticipated outcomes. Calling overridable methods from constructors can also leak the this reference before object construction is complete, potentially exposing uninitialized or inconsistent data to other threads (see TSM01-J. Do not let the this reference escape during object construction for additional information). As a result, a class's constructor must invoke (directly or indirectly) only methods in that class that are static, final or private. Noncompliant Code ExampleThis noncompliant code example results in the use of uninitialized data by the doLogic() method: class SuperClass { public SuperClass () { doLogic(); } public void doLogic() { System.out.println("This is superclass!"); } } class SubClass extends SuperClass { private String color = "red"; public void doLogic() { System.out.println("This is subclass! The color is :" + color); // ... } } public class Overridable { public static void main(String[] args) { SuperClass bc = new SuperClass(); // Prints "This is superclass!" SuperClass sc = new SubClass(); // Prints "This is subclass! The color is :null" } }The doLogic() method is invoked from the superclass's constructor. When the superclass is constructed directly, the doLogic() method in the superclass is invoked and executes successfully. However, when the subclass initiates the superclass's construction, the subclass's doLogic() method is invoked instead. In this case, the value of color is still null because the subclass's constructor has not yet concluded. Compliant SolutionThis compliant solution declares the doLogic() method as final so that it cannot be overridden: class SuperClass { public SuperClass() { doLogic(); } public final void doLogic() { System.out.println("This is superclass!"); } } Risk AssessmentAllowing a constructor to call overridable methods can provide an attacker with access to the this reference before an object is fully initialized, which could lead to a vulnerability. Rule Severity Likelihood Remediation Cost Priority Level MET05-J Medium Probable Medium P8 L2 Automated DetectionAutomated detection of constructors that contain invocations of overridable methods is straightforward. ToolVersionCheckerDescriptionPVS-Studio7.31 V6052SonarQube9.9S1699Constructors should only call non-overridable methodsSpotBugs4.6.0 MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTORImplemented (since 4.5.0)Related GuidelinesISO/IEC TR 24772:2010 Inheritance [RIP] Secure Coding Guidelines for Java SE, Version 5.0 Guideline 7-4 / OBJECT-4: Prevent constructors from calling methods that can be overridden Bibliography[ESA 2005] Rule 62, Do not call nonfinal methods from within a constructor [JLS 2015] Chapter 8, "Classes"搂12.5, "Creation of New Class Instances" [Rogue 2000] Rule 81, Do not call non-final methods from within a constructor
|
CopyRight 2018-2019 实验室设备网 版权所有 |