[commons-beanutils] 02/02: [ERROR] Medium: org.apache.commons.beanutils2.converters.ArrayConverter.setAllowedChars(char[]) may expose internal representation by storing an externally mutable object into ArrayConverter.allowedChars [org.apache.commons.beanutils2.converters.ArrayConverter] At ArrayConverter.java:[line 202] EI_EXPOSE_REP2

ggregory Thu, 21 Apr 2022 16:16:40 -0700

This is an automated email from the ASF dual-hosted git repository.

ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-beanutils.git


commit 402b37017ca5458617f85711cb4fac0ff54d8c59
Author: Gary Gregory <[email protected]>
AuthorDate: Thu Apr 21 19:16:32 2022 -0400

    [ERROR] Medium:
    
org.apache.commons.beanutils2.converters.ArrayConverter.setAllowedChars(char[])
    may expose internal representation by storing an externally mutable
    object into ArrayConverter.allowedChars
    [org.apache.commons.beanutils2.converters.ArrayConverter] At
    ArrayConverter.java:[line 202] EI_EXPOSE_REP2
---
 src/changes/changes.xml                                                | 3 +++
 .../java/org/apache/commons/beanutils2/converters/ArrayConverter.java  | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index c47d750e..54b4cb3b 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -86,6 +86,9 @@
       <action dev="ggregory" type="fix" due-to="Gary Gregory">
         Fix SpotBugs [ERROR] Medium: Unused public or protected field: 
org.apache.commons.beanutils2.WrapDynaClass.descriptors 
[org.apache.commons.beanutils2.WrapDynaClass] In WrapDynaClass.java 
UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD.
       </action>
+      <action dev="ggregory" type="fix" due-to="Gary Gregory">
+        Fix SpotBugs [ERROR] Medium: 
org.apache.commons.beanutils2.converters.ArrayConverter.setAllowedChars(char[]) 
may expose internal representation by storing an externally mutable object into 
ArrayConverter.allowedChars 
[org.apache.commons.beanutils2.converters.ArrayConverter] At 
ArrayConverter.java:[line 202] EI_EXPOSE_REP2.
+      </action>
       <!--  UPDATES -->
       <action dev="ggregory" type="update" due-to="Dependabot, Gary Gregory">
         Bump actions/cache from 2 to 3.0.2 #77, #89, #103, #111.
diff --git 
a/src/main/java/org/apache/commons/beanutils2/converters/ArrayConverter.java 
b/src/main/java/org/apache/commons/beanutils2/converters/ArrayConverter.java
index edf93bf2..2449791a 100644
--- a/src/main/java/org/apache/commons/beanutils2/converters/ArrayConverter.java
+++ b/src/main/java/org/apache/commons/beanutils2/converters/ArrayConverter.java
@@ -25,6 +25,7 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Objects;
 
 import org.apache.commons.beanutils2.ConversionException;
 import org.apache.commons.beanutils2.Converter;
@@ -199,7 +200,7 @@ public class ArrayConverter extends AbstractConverter {
      * the tokens when parsing a delimited String [default is '.' and '-']
      */
     public void setAllowedChars(final char[] allowedChars) {
-        this.allowedChars = allowedChars;
+        this.allowedChars = Objects.requireNonNull(allowedChars, 
"allowedChars").clone();
     }
 
     /**

Reply via email to