MALICIOUS_CODE EI_EXPOSE_REP Medium

Walter White picture Walter White · Nov 14, 2009 · Viewed 19.1k times · Source

I run findbugs against all of my code and only tackle the top stuff. I finally got the top stuff resolved and now am looking at the details. I have a simple entity, say a user:

public class User implements Serializable
{
    protected Date birthDate;

    public Date getBirthDate()
    {return(birthDate);}

    public void setBirthDate(final Date birthDate)
    {this.birthDate = birthDate;}
}

This class is incomplete, so don't harp me about it missing the serialVersionUID and other standard stuff, I am just concerned with the birthDate security hole.

Now, according to the findbugs report, since I am returning a reference to a mutable object, that is a potential security risk. In practice though, how much does that really matter?

http://findbugs.sourceforge.net/bugDescriptions.html#EI_EXPOSE_REP

I suppose I still don't really see what the problem is here in this case. Should I pass in a long and set the date from that?

Walter

Answer

Matt Solnit picture Matt Solnit · Nov 14, 2009

I think the key here is the if:

If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different.

So in other words, if you wanted an immutable object (i.e. you didn't have a setBirthdate() method), your code be incorrect, because someone could write:

Date date = user.getBirthDate();
date.setMonth(1);  // mutated!

So you would probably want the following instead:

public Date getBirthDate()
{return new Date(birthDate.getTime());}  // essentially a clone