[ https://issues.apache.org/jira/browse/KARAF-4213?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré updated KARAF-4213:
----------------------------------------
    Description:
HP Fortify SCA and SciTools Understand were used to perform an application security analysis on the karaf source code.

A class has a cloneable() method that is not declared final, which allows an object to be created without calling the constructor. This can cause the object to be in an unexpected state.

File: util\src\main\java\org\apache\karaf\util\collections\CopyOnWriteArrayIdentityList.java
Line: 247

CopyOnWriteArrayIdentityList.java, lines 246-255:
{code}
246     @Override
247     public Object clone() {
248         try {
249             CopyOnWriteArrayIdentityList thisClone = (CopyOnWriteArrayIdentityList) super.clone();
250             thisClone.setData(this.getData());
251             return thisClone;
252         } catch (CloneNotSupportedException e) {
253             throw new RuntimeException("CloneNotSupportedException is not expected here");
254         }
255     }
{code}

  was:
HP Fortify SCA and SciTools Understand were used to perform an application security analysis on the karaf source code.

A class has a cloneable() method that is not declared final, which allows an object to be created without calling the constructor. This can cause the object to be in an unexpected state.

File: util\src\main\java\org\apache\karaf\util\collections\CopyOnWriteArrayIdentityList.java
Line: 247

CopyOnWriteArrayIdentityList.java, lines 246-255:
246     @Override
247     public Object clone() {
248         try {
249             CopyOnWriteArrayIdentityList thisClone = (CopyOnWriteArrayIdentityList) super.clone();
250             thisClone.setData(this.getData());
251             return thisClone;
252         } catch (CloneNotSupportedException e) {
253             throw new RuntimeException("CloneNotSupportedException is not expected here");
254         }
255     }

> Public cloneable() Method Without Final ('Object Hijack')
> ---------------------------------------------------------
>
>                 Key: KARAF-4213
>                 URL: https://issues.apache.org/jira/browse/KARAF-4213
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
>
> HP Fortify SCA and SciTools Understand were used to perform an application
> security analysis on the karaf source code.
> A class has a cloneable() method that is not declared final, which allows an
> object to be created without calling the constructor. This can cause the
> object to be in an unexpected state.
> File:
> util\src\main\java\org\apache\karaf\util\collections\CopyOnWriteArrayIdentityList.java
> Line: 247
> CopyOnWriteArrayIdentityList.java, lines 246-255:
> {code}
> 246     @Override
> 247     public Object clone() {
> 248         try {
> 249             CopyOnWriteArrayIdentityList thisClone = (CopyOnWriteArrayIdentityList) super.clone();
> 250             thisClone.setData(this.getData());
> 251             return thisClone;
> 252         } catch (CloneNotSupportedException e) {
> 253             throw new RuntimeException("CloneNotSupportedException is not expected here");
> 254         }
> 255     }
> {code}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
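
Added example (not part of the issue and not Karaf code): a minimal Java sketch of the finding reported above, showing that a copy made through super.clone() never runs the constructor, next to a variant whose clone() is final and builds the copy through the constructor. The class names OpenList and SealedList and the constructed counters are hypothetical.

```java
// Added illustration; OpenList, SealedList and the counters are hypothetical names.
public class CloneDemo {
    // Pattern from the report: clone() is public and can be overridden.
    static class OpenList implements Cloneable {
        static int constructed = 0;
        protected Object[] data;

        OpenList(Object... items) {
            constructed++;               // stands in for constructor-time setup and checks
            data = items.clone();
        }

        @Override
        public Object clone() {
            try {
                OpenList copy = (OpenList) super.clone(); // field-by-field copy, no constructor
                copy.data = this.data;
                return copy;
            } catch (CloneNotSupportedException e) {
                throw new AssertionError(e);
            }
        }
    }

    // Hardened variant: final class, final clone(), copy built by the constructor.
    static final class SealedList {
        static int constructed = 0;
        private final Object[] data;

        SealedList(Object... items) {
            constructed++;
            data = items.clone();
        }

        @Override
        public final SealedList clone() {
            return new SealedList(data);
        }
    }

    public static void main(String[] args) {
        OpenList a = new OpenList("x");
        Object b = a.clone();
        System.out.println("OpenList: 2 objects, constructor calls = " + OpenList.constructed);
        SealedList c = new SealedList("x");
        SealedList d = c.clone();
        System.out.println("SealedList: 2 objects, constructor calls = " + SealedList.constructed);
    }
}
```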