Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

is there a ny security issue when returning the NEW Object

 
Karthikeyan Sakthivel
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I wish to know whether there is any security issue when returning a New Object from a Method.

EXAMPLE
*******
public class MEReturnParameter {
public static Dimension getRectangleSize(int x1, int y1, int x2, int y2) {
return new Dimension(Math.abs(x1-x2), Math.abs(y1-y2));
}
}

Whether the following line is a problem or Not

return new Dimension(Math.abs(x1-x2), Math.abs(y1-y2));
 
Jesper de Jong
Java Cowboy
Saloon Keeper
Posts: 15484
43
Android IntelliJ IDE Java Scala Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, there is no security issue.

Why are you asking the question - do you have some potential security issue in mind? If so, can you please tell us what potential issue you are thinking about?
 
Karthikeyan Sakthivel
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Actually I was asked to pass the parameter instead of creating an new objects inside the method.

Original Example
public class ReturnParameter {
public static Dimension getRectangleSzie(int x1, int y1, int x2, int y2) {
return new Dimension(Math.abs(x1-x2), Math.abs(y1-y2)); //VIOLATION
}
}

I was asked to write the code as follows.

public class ReturnParameter {
public static Dimension getRectangleSize(int x1, int y1, int x2, int y2, Dimension returnValue) {
returnValue.width = Math.abs(x1-x2);
returnValue.height = Math.abs(y1-y2);
return returnValue; // FIXED
}
}

Trying to understand why the above Original Example is not allowed
 
Stan James
(instanceof Sidekick)
Ranch Hand
Posts: 8791
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, I don't see the point of that change. There is some potential if you keep a reference to the object you create and return or if you just return a member variable ...

because now somebody else has access to something I consider private. They can change it without my knowing. I think FindBugz flags this as a warning.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic