Rob Leimbach created NIFI-4421:
----------------------------------
Summary: Clone Issues with ProcessGroupStatus
Key: NIFI-4421
URL: https://issues.apache.org/jira/browse/NIFI-4421
Project: Apache NiFi
Issue Type: Bug
Components: Core Framework
Affects Versions: 1.3.0, 1.4.0
Reporter: Rob Leimbach
Priority: Minor

An HP Fortify scan of nifi-api/src/main/java/org/apache/nifi/controller/status/ProcessGroupStatus.java reports the following issues with the use of the clone method.

1) The clone() method calls a function that can be overridden by an attacker. This may cause the clone to be left in a partially initialized state, or become corrupted.
Functions that clone objects and make calls to functions that can be overridden should specify these functions as final or specify the class as final. Alternatively, if this code is only needed in the clone() function, the private access specifier can be used, or the logic could be placed directly into the clone itself.

2) When implementing clone(), one should call super.clone() to obtain a new object. If a class fails to follow this convention, a subclass's clone() method will return an object of the wrong type. By calling super.clone(), the java.lang.Object implementation of clone() will always return an object of the correct type.
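
An added illustration of the two findings above, not code from the NiFi code base or from the report: the hypothetical classes `WeakStatus` and `SafeStatus` stand in for a status object that holds a list of children, and every name in the block is an assumption. The weak class builds its copy with `new` and delegates to an overridable method; the corrected class uses `super.clone()` and a private helper.

```java
import java.util.ArrayList;
import java.util.List;

public class CloneDemo {
    // Weak pattern (hypothetical class): copy made with `new`, state copied by an overridable method.
    static class WeakStatus implements Cloneable {
        protected List<String> children = new ArrayList<>();
        protected void copyInto(WeakStatus target) {           // overridable hook used by clone()
            target.children = new ArrayList<>(children);
        }
        @Override public WeakStatus clone() {
            WeakStatus copy = new WeakStatus();                // runtime type of `this` is lost
            copyInto(copy);                                    // dispatches to any subclass override
            return copy;
        }
    }
    static class WeakSub extends WeakStatus {
        @Override protected void copyInto(WeakStatus target) { } // override skips the copy
    }

    // Corrected pattern (hypothetical class): super.clone() plus a private, non-overridable helper.
    static class SafeStatus implements Cloneable {
        private List<String> children = new ArrayList<>();
        final void addChild(String c) { children.add(c); }
        final List<String> children() { return new ArrayList<>(children); }
        private static List<String> deepCopy(List<String> src) { return new ArrayList<>(src); }
        @Override public SafeStatus clone() {
            try {
                SafeStatus copy = (SafeStatus) super.clone();  // Object.clone() keeps the runtime type
                copy.children = deepCopy(children);            // own list, not shared with the original
                return copy;
            } catch (CloneNotSupportedException e) {
                throw new AssertionError(e);                   // cannot happen: class is Cloneable
            }
        }
    }
    static class SafeSub extends SafeStatus { }

    public static void main(String[] args) {
        WeakSub weak = new WeakSub();
        weak.children.add("group-1");                          // constructed sample value
        WeakStatus weakCopy = weak.clone();
        System.out.println(weakCopy.getClass().getSimpleName() + " " + weakCopy.children);
        SafeSub safe = new SafeSub();
        safe.addChild("group-1");
        SafeStatus safeCopy = safe.clone();
        safe.addChild("group-2");                              // must not appear in the clone
        System.out.println(safeCopy.getClass().getSimpleName() + " " + safeCopy.children());
    }
}
```

Running `main` prints the runtime type and child list of each clone, so the wrong type and the missing state of the weak clone can be compared directly with the corrected one.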