Apache NiFi / NIFI-4421

Clone Issues with ProcessGroupStatus

Details

    • Type: Bug
    • Status: Patch Available
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.3.0, 1.4.0
    • Fix Version/s: None
    • Component/s: Core Framework
    • Labels: None

    Description

      An HP Fortify scan of nifi-api/src/main/java/org/apache/nifi/controller/status/ProcessGroupStatus.java reports the following issues with the use of the clone method.

      1) The clone() method calls a function that can be overridden by an attacker. This may cause the clone to be left in a partially initialized state, or become corrupted.

      Functions that clone objects and make calls to functions that can be overridden should specify these functions as final or specify the class as final. Alternatively, if this code is only needed in the clone() function, the private access specifier can be used, or the logic could be placed directly into the clone itself.

      2) When implementing clone(), one should call super.clone() to obtain a new object. If a class fails to follow this convention, a subclass's clone() method will return an object of the wrong type. By calling super.clone(), the java.lang.Object implementation of clone() will always return an object of the correct type.
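
      Both findings can be reproduced in a small Java sketch, added here as an illustration. It is not NiFi's ProcessGroupStatus code and not the attached patch, and every class, method and value name in it is hypothetical. The weak class builds its copy with `new` and reads state through an overridable getter; the hardened class uses super.clone(), final accessors and direct field access.

```java
import java.util.ArrayList;
import java.util.List;

public class CloneDemo {
    // Weak: clone() builds the copy with "new" and reads state through an overridable getter.
    static class WeakStatus implements Cloneable {
        protected List<String> children = new ArrayList<>();
        public List<String> getChildren() { return children; }   // overridable
        @Override public WeakStatus clone() {
            WeakStatus copy = new WeakStatus();                   // finding 2: no super.clone()
            copy.children = new ArrayList<>(getChildren());       // finding 1: overridable call
            return copy;
        }
    }
    // A subclass changes what clone() copies just by overriding the getter.
    static class WeakSub extends WeakStatus {
        @Override public List<String> getChildren() { return new ArrayList<>(); }
    }

    // Hardened: super.clone() keeps the runtime type; state is copied by direct field access.
    static class HardenedStatus implements Cloneable {
        private List<String> children = new ArrayList<>();
        public final void addChild(String id) { children.add(id); }
        public final List<String> getChildren() { return new ArrayList<>(children); }
        @Override public HardenedStatus clone() {
            try {
                HardenedStatus copy = (HardenedStatus) super.clone();
                copy.children = new ArrayList<>(children);        // deep-copy the mutable field
                return copy;
            } catch (CloneNotSupportedException e) {
                throw new AssertionError(e);                      // unreachable: class is Cloneable
            }
        }
    }
    static class HardenedSub extends HardenedStatus { }

    public static void main(String[] args) {
        WeakSub weak = new WeakSub();
        weak.children.add("pg-1");                                // constructed sample value
        WeakStatus weakCopy = weak.clone();
        System.out.println("weak copy keeps subclass type: " + (weakCopy instanceof WeakSub));
        System.out.println("weak copy children: " + weakCopy.children);

        HardenedSub hard = new HardenedSub();
        hard.addChild("pg-1");
        HardenedStatus hardCopy = hard.clone();
        System.out.println("hardened copy keeps subclass type: " + (hardCopy instanceof HardenedSub));
        System.out.println("hardened copy children: " + hardCopy.getChildren());
    }
}
```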

      Attachments

        1. NIFI-4421.patch (4 kB), Rob Leimbach

          People

            Assignee: Unassigned
            Reporter: Rob Leimbach