Is there any security issue when returning the NEW Object

 
Karthikeyan Sakthivel
Greenhorn
Posts: 3
I wish to know whether there is any security issue when returning a New Object from a Method.

EXAMPLE
*******
    import java.awt.Dimension;

    public class MEReturnParameter {
        // Computes the size of the rectangle spanned by two corner points.
        public static Dimension getRectangleSize(int x1, int y1, int x2, int y2) {
            return new Dimension(Math.abs(x1 - x2), Math.abs(y1 - y2));
        }
    }

Is the following line a problem or not?

    return new Dimension(Math.abs(x1 - x2), Math.abs(y1 - y2));
 
Jesper de Jong
Java Cowboy
Saloon Keeper
Posts: 15150
No, there is no security issue.

Why are you asking the question - do you have some potential security issue in mind? If so, can you please tell us what potential issue you are thinking about?
 
Karthikeyan Sakthivel
Greenhorn
Posts: 3
Actually, I was asked to pass the parameter instead of creating a new object inside the method.

Original Example

    import java.awt.Dimension;

    public class ReturnParameter {
        public static Dimension getRectangleSize(int x1, int y1, int x2, int y2) {
            return new Dimension(Math.abs(x1 - x2), Math.abs(y1 - y2)); // VIOLATION
        }
    }

I was asked to write the code as follows.

    import java.awt.Dimension;

    public class ReturnParameter {
        // The result is written into the caller-supplied returnValue object.
        public static Dimension getRectangleSize(int x1, int y1, int x2, int y2, Dimension returnValue) {
            returnValue.width = Math.abs(x1 - x2);
            returnValue.height = Math.abs(y1 - y2);
            return returnValue; // FIXED
        }
    }

Trying to understand why the above Original Example is not allowed.
 
Stan James
(instanceof Sidekick)
Ranch Hand
Posts: 8791
No, I don't see the point of that change. There is some potential if you keep a reference to the object you create and return or if you just return a member variable ...

because now somebody else has access to something I consider private. They can change it without my knowing. I think FindBugs flags this as a warning.
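
The exposure described in the last reply, shown next to the two versions of the method from the thread. This is an added example, not code from any of the posts; the `Box` class, its method names and the sample coordinates are hypothetical.

```java
import java.awt.Dimension;

public class ReturnedReferenceDemo {

    // Hypothetical class with private mutable state (not from the thread).
    static class Box {
        private final Dimension size = new Dimension(10, 20);

        // Returns the member itself: the caller now holds Box's internal object.
        Dimension getSizeExposed() { return size; }

        // Returns a defensive copy: the caller's changes stay with the caller.
        Dimension getSizeCopy() { return new Dimension(size); }

        int area() { return size.width * size.height; }
    }

    // Original version from the thread: a fresh object, no reference retained.
    static Dimension getRectangleSize(int x1, int y1, int x2, int y2) {
        return new Dimension(Math.abs(x1 - x2), Math.abs(y1 - y2));
    }

    // Requested rewrite from the thread: fills in a caller-supplied object.
    static Dimension getRectangleSize(int x1, int y1, int x2, int y2, Dimension returnValue) {
        returnValue.width = Math.abs(x1 - x2);
        returnValue.height = Math.abs(y1 - y2);
        return returnValue;
    }

    public static void main(String[] args) {
        Box box = new Box();
        box.getSizeCopy().width = 0;      // modifies only the copy
        System.out.println("area after writing to copy:    " + box.area());
        box.getSizeExposed().width = 0;   // modifies Box's private state
        System.out.println("area after writing to exposed: " + box.area());

        // Fresh objects are independent of each other.
        Dimension a = getRectangleSize(0, 0, 3, 4);
        Dimension b = getRectangleSize(0, 0, 5, 6);
        System.out.println("new object:    a=" + a.width + "x" + a.height + " same instance: " + (a == b));

        // Reusing one buffer makes the first result change under the caller.
        Dimension buffer = new Dimension();
        Dimension c = getRectangleSize(0, 0, 3, 4, buffer);
        Dimension d = getRectangleSize(0, 0, 5, 6, buffer);
        System.out.println("shared buffer: c=" + c.width + "x" + c.height + " same instance: " + (c == d));
    }
}
```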
 