Findbugs reports a lot of EI_EXPOSE_REP and EI_EXPOSE_REP2 bugs on my code, each time I write getters and setters like this:
public Date getDate() {
return date;
}
public void setDate(final Date date) {
this.date = date;
}
I understand the meaning of the report, I should not expose the internal references of my objet to the outside world so that they can not be modified by a malicious/erronous code. A fix would be:
public Date getDate() {
return date == null ? null : date.clone();
}
public void setDate(Date date) {
this.date = date == null ? null : date.clone();
}
My question is not here. I am surprised that this report concerns ALWAYS Date. Why not all other mutable objects? I think this report goes for all mutable objects too, doesn't it ?
Should I extend this "good practice" to all my accessors that deal with mutable objects?
Give me your advice, thanks
I would certainly expect this report to relate to all mutable objects, but I suspect that FindBugs is aware of certain common offenders.
I'm normally careful with exposing internal state via getters e.g.
public ArrayList<Trade> getTrades() {
return trades;
}
means
As such there are two approaches.
Similar arguments relate to setters and constructor arguments.
Note that you can find yourself copying lots of objects upon exposure in order to protect yourself, and potentially doing a lot of extra work. It's a technique to be used judiciously and it's worth understanding who your client objects are, and if you can control and/or trust them.