[
https://issues.apache.org/jira/browse/NIFI-4421?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pierre Villard updated NIFI-4421:
---------------------------------
Resolution: Feedback Received
Status: Resolved (was: Patch Available)
Apache NiFi 1.x is no longer maintained and no new release is planned on the
1.x release line. Marking as resolved as part of a cleanup operation. Please
open a new one with an updated description if this is still relevant for NiFi
2.x.
> Clone Issues with ProcessGroupStatus
> ------------------------------------
>
> Key: NIFI-4421
> URL: https://issues.apache.org/jira/browse/NIFI-4421
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 1.3.0, 1.4.0
> Reporter: Rob Leimbach
> Priority: Minor
> Attachments: NIFI-4421.patch
>
>
> An HP Fortify scan of
> nifi-api/src/main/java/org/apache/nifi/controller/status/ProcessGroupStatus.java
> reports the following issues with the use of the clone method.
> 1) The clone() method calls a function that can be overridden by an attacker.
> This may cause the clone to be left in a partially initialized state, or
> become corrupted.
> Functions that clone objects and make calls to functions that can be
> overridden should specify these functions as final or specify the class as
> final. Alternatively, if this code is only needed in the clone() function,
> the private access specifier can be used, or the logic could be placed
> directly into the clone itself.
> 2) When implementing clone(), one should call super.clone() to obtain a new
> object. If a class fails to follow this convention, a subclass's clone()
> method will return an object of the wrong type. By calling super.clone(), the
> java.lang.Object implementation of clone() will always return an object of
> the correct type.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
