Java Developer Tools

Audit - Rules - Clone Usage

Description
This group contains audit rules that check for problems with the use of the cloning mechanism (the interface Cloneable and the clone method).

Rules:

Details

Clone Without Cloneable

Summary
Invoking Object's clone() method on an instance that does not implement the Cloneable interface results in the exception CloneNotSupportedException being thrown.

Description
The programmer probably intended the class to be cloneable when implementing the clone() method. Invoking Object's clone() method on an instance that does not implement the Cloneable interface results in the exception CloneNotSupportedException being thrown.

Security Implications
This means the code will not work as intended, resulting in errors and possibly unpredictable behavior, which can compromise security.

Example
The following code would be flagged as a violation because it implements the clone() method without implementing Cloneable:

    public class SomeBean {
        public Object clone() throws CloneNotSupportedException {
            // Object.clone() throws here because SomeBean is not Cloneable
            return super.clone();
        }
    }

Cloneable Without Clone

Summary
Classes that implement the Cloneable interface should define a clone() method.

Description
This audit rule looks for classes that implement the Cloneable interface and do not define a clone() method.

Security Implications
This is most important for library vendors and for mobile code. The clone method is a mechanism that allows the creation of objects, and it might be undesirable for users to be able to inherit from this class and tamper with the behavior of this method.

Example
The following class would be flagged as a violation because it does not define a clone() method:

    class MyClass implements Cloneable
    {
        // fields and other methods, but no clone() method
    }
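The following is an added example, not code from the original page or from the audit tool, showing both rules at run time and one corrected form. SomeBean comes from the page; CloneRulesDemo, Account, LooseAccount and SafeAccount are hypothetical names chosen for illustration.

```java
import java.util.*;

// Added illustration; all class names except SomeBean are hypothetical.
public class CloneRulesDemo {
    // Clone Without Cloneable: Object.clone() refuses at run time.
    static class SomeBean {
        public Object clone() throws CloneNotSupportedException {
            return super.clone();
        }
    }

    // Cloneable Without Clone: copy behavior is left to whoever subclasses.
    static class Account implements Cloneable {
        protected final List<String> roles = new ArrayList<>();
    }

    // A subclass makes clone() public and shallow, so copies share 'roles'.
    static class LooseAccount extends Account {
        public LooseAccount clone() throws CloneNotSupportedException {
            return (LooseAccount) super.clone();
        }
    }

    // Corrected form: the class defines clone() itself, deep-copies, seals it.
    static class SafeAccount implements Cloneable {
        private List<String> roles = new ArrayList<>();
        void grant(String role) { roles.add(role); }
        List<String> roles() { return new ArrayList<>(roles); }
        public final SafeAccount clone() throws CloneNotSupportedException {
            SafeAccount copy = (SafeAccount) super.clone();
            copy.roles = new ArrayList<>(roles); // the copy owns its own list
            return copy;
        }
    }

    public static void main(String[] args) throws Exception {
        try {
            new SomeBean().clone();
        } catch (CloneNotSupportedException e) {
            System.out.println("SomeBean: " + e);
        }
        LooseAccount original = new LooseAccount();
        original.clone().roles.add("admin"); // change made through the copy
        System.out.println("shared state leaks: " + original.roles);
        SafeAccount safe = new SafeAccount();
        safe.clone().grant("admin");
        System.out.println("isolated state: " + safe.roles());
    }
}
```

Declaring clone() as final, or the class itself as final, is what prevents a subclass from replacing the copy logic.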

    

Enforce Cloneable Usage
