IcoreE opened a new pull request, #1513:
URL: https://github.com/apache/commons-lang/pull/1513

   The RandomStringUtils class exposes three primary singleton instances 
(INSECURE, SECURE, SECURE_STRONG) through static fields that are currently 
missing the final keyword.
   
   ```
   private static RandomStringUtils INSECURE = new RandomStringUtils(RandomUtils::insecure);
   
   private static RandomStringUtils SECURE = new RandomStringUtils(SECURE_SUPPLIER);
   
   private static RandomStringUtils SECURE_STRONG = new RandomStringUtils(RandomUtils::secureStrong);
   ```
   Key Issues Caused by Non-final Modifier:
   
   1. Unintended Reassignment: The variables can be modified at runtime (e.g., 
via reflection, accidental code changes, or subclassing), breaking the 
singleton contract and leading to inconsistent random string generation 
behavior across the application.
   2. Violation of Documentation: The class Javadoc explicitly labels it 
#ThreadSafe#, but non-final static state undermines this promise.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
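
The reflection case named in the pull request, shown as an added example that is not part of the original message or of Commons Lang: after `setAccessible(true)`, `Field.set` overwrites a non-final static field but throws `IllegalAccessException` for a `static final` one. `Generator`, `Holder` and `StaticFinalDemo` are hypothetical stand-ins for the fields under discussion.

```java
import java.lang.reflect.Field;

// Added illustration; Generator and Holder are hypothetical stand-ins, not Commons Lang code.
public class StaticFinalDemo {

    static final class Generator {
        private final String name;
        Generator(String name) { this.name = name; }
        String name() { return name; }
    }

    static final class Holder {
        // Mirrors the declaration style quoted in the pull request: static, not final.
        private static Generator MUTABLE = new Generator("secure");
        // The same declaration with the final keyword added.
        private static final Generator FIXED = new Generator("secure");

        static Generator mutable() { return MUTABLE; }
        static Generator fixed() { return FIXED; }
    }

    /** Tries to overwrite a static field of Holder reflectively; true if the write succeeded. */
    static boolean tryReassign(String fieldName, Generator replacement) throws NoSuchFieldException {
        Field f = Holder.class.getDeclaredField(fieldName);
        f.setAccessible(true);
        try {
            f.set(null, replacement);
            return true;
        } catch (IllegalAccessException e) {
            // Field.set refuses to write a static final field even after setAccessible(true).
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        Generator weak = new Generator("insecure");
        System.out.println("MUTABLE reassigned: " + tryReassign("MUTABLE", weak));
        System.out.println("FIXED reassigned:   " + tryReassign("FIXED", weak));
        // Callers of the accessor see whichever instance the field currently holds.
        System.out.println("mutable() now: " + Holder.mutable().name());
        System.out.println("fixed() now:   " + Holder.fixed().name());
    }
}
```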
