[
https://issues.apache.org/jira/browse/NUTCH-2812?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17784299#comment-17784299
]
ASF GitHub Bot commented on NUTCH-2812:
---------------------------------------
GabeHaegele opened a new pull request, #798:
URL: https://github.com/apache/nutch/pull/798
Thanks for your contribution to [Apache Nutch](https://nutch.apache.org/)!
Your help is appreciated!

Before opening the pull request, please verify that
* there is an open issue on the [Nutch issue
  tracker](https://issues.apache.org/jira/projects/NUTCH) which describes the
  problem or the improvement. We cannot accept pull requests without an issue
  because the change wouldn't be listed in the release notes.
* the issue ID (`NUTCH-XXXX`)
  - is referenced in the title of the pull request
  - and placed in front of your commit messages surrounded by square
    brackets (`[NUTCH-XXXX] Issue or pull request title`)
* commits are squashed into a single one (or few commits for larger changes)
* Java source code follows [Nutch Eclipse Code Formatting
  rules](https://github.com/apache/nutch/blob/master/eclipse-codeformat.xml)
* Nutch is successfully built and unit tests pass by running `ant clean
  runtime test`
* there should be no conflicts when merging the pull request branch into the
  *recent* master branch. If there are conflicts, please try to rebase the pull
  request branch on top of a freshly pulled master branch.
* if new dependencies are added,
  - are these dependencies licensed in a way that is compatible for
    inclusion under [ASF
    2.0](https://www.apache.org/legal/resolved.html#category-a)?
  - are `LICENSE-binary` and `NOTICE-binary` updated accordingly?

We will be able to faster integrate your pull request if these conditions
are met. If you have any questions how to fix your problem or about using Nutch
in general, please sign up for the [Nutch mailing
list](https://nutch.apache.org/mailing_lists.html). Thanks!

> Methods returning array may expose internal representation
> ----------------------------------------------------------
>
> Key: NUTCH-2812
> URL: https://issues.apache.org/jira/browse/NUTCH-2812
> Project: Nutch
> Issue Type: Sub-task
> Affects Versions: 1.17
> Reporter: Lewis John McGibbney
> Assignee: Lewis John McGibbney
> Priority: Major
> Fix For: 1.20
>
>
> Returning a reference to a mutable object value stored in one of the object's
> fields exposes the internal representation of the object. If instances are
> accessed by untrusted code, and unchecked changes to the mutable object would
> compromise security or other important properties, you will need to do
> something different. Returning a new copy of the object is a better approach in
> many situations.
> For example, org.apache.nutch.fetcher.FetchNode.getOutlinks() may expose
> internal representation by returning FetchNode.outlinks.
> There are 11 such occurrences of this bug in the codebase.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
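
The defect class described in the quoted issue, as an added example that is not code from Nutch or from the pull request: `ExposedNode` and `GuardedNode` are hypothetical stand-ins for a class with an array field, and the URLs are constructed sample values.

```java
import java.util.Arrays;

public class ExposeRepDemo {

  /** Hypothetical stand-in: getter hands out the internal array itself. */
  static class ExposedNode {
    private String[] outlinks;

    ExposedNode(String[] outlinks) {
      this.outlinks = outlinks; // also keeps the caller's array (same aliasing, inbound)
    }

    String[] getOutlinks() {
      return outlinks; // caller now holds a writable reference to internal state
    }
  }

  /** Hypothetical stand-in: copies on the way in and on the way out. */
  static class GuardedNode {
    private final String[] outlinks;

    GuardedNode(String[] outlinks) {
      this.outlinks = outlinks == null ? null : outlinks.clone();
    }

    String[] getOutlinks() {
      // Shallow copy: protects the array slots. If the element type is itself
      // mutable, callers can still change the shared elements, so those need
      // copying too (or an immutable element type).
      return outlinks == null ? null : Arrays.copyOf(outlinks, outlinks.length);
    }
  }

  public static void main(String[] args) {
    // Constructed sample data.
    String[] links = { "https://example.org/a", "https://example.org/b" };

    ExposedNode exposed = new ExposedNode(links.clone());
    exposed.getOutlinks()[0] = "https://changed.example/"; // edits internal state
    System.out.println("exposed: " + Arrays.toString(exposed.getOutlinks()));

    GuardedNode guarded = new GuardedNode(links.clone());
    guarded.getOutlinks()[0] = "https://changed.example/"; // edits only the copy
    System.out.println("guarded: " + Arrays.toString(guarded.getOutlinks()));
  }
}
```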