发表新帖

发表新帖

Malicious code vulnerability - May expose internal representation by incorporating reference to mutable object

后端未结

关注

 8  1619

遇见更好的自我 2020-11-27 05:00

I have the following code in my dto class.

public void setBillDate(Date billDate) {
    this.billDate = billDate;
}

And I get an error in s

8条回答

星月不相逢 (楼主)

2020-11-27 05:38
Date is not immutable, i.e. your billDate can be changed after it has been set on your DTO object. Or, in code:
```
Date billDate = new Date();
dto.setBillDate(billDate);
billDate.setYear(1990);
// now, dto.getBillDate().getYear() == 1990
```
You can make your setter more secure:
```
public void setBillDate(Date billDate) {
    this.billDate = (Date)billDate.clone();
}
```
0 讨论(0)

查看其它8个回答
发布评论:

提交评论
- 加载中...

热议问题