[ https://issues.apache.org/jira/browse/NIFI-4421?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joseph Witt updated NIFI-4421:
------------------------------
    Fix Version/s:     (was: 1.5.0)

> Clone Issues with ProcessGroupStatus
> ------------------------------------
>
>                 Key: NIFI-4421
>                 URL: https://issues.apache.org/jira/browse/NIFI-4421
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.3.0, 1.4.0
>            Reporter: Rob Leimbach
>            Priority: Minor
>         Attachments: NIFI-4421.patch
>
>
> An HP Fortify scan of
> nifi-api/src/main/java/org/apache/nifi/controller/status/ProcessGroupStatus.java
> reports the following issues with the use of the clone method.
> 1) The clone() method calls a function that can be overridden by an attacker.
> This may cause the clone to be left in a partially initialized state, or
> become corrupted.
> Functions that clone objects and make calls to functions that can be
> overridden should specify these functions as final or specify the class as
> final. Alternatively, if this code is only needed in the clone() function,
> the private access specifier can be used, or the logic could be placed
> directly into the clone itself.
> 2) When implementing clone(), one should call super.clone() to obtain a new
> object. If a class fails to follow this convention, a subclass's clone()
> method will return an object of the wrong type. By calling super.clone(), the
> java.lang.Object implementation of clone() will always return an object of
> the correct type.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
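
The two findings quoted above, shown side by side as an added example; this is not NiFi's code or the attached patch. The classes WeakStatus, WeakSub, SafeStatus and SafeSub are hypothetical stand-ins: the first pair builds its copy with `new` and calls an overridable method from clone(), the second pair uses super.clone() and a private copy helper.

```java
import java.util.ArrayList;
import java.util.List;

public class CloneDemo {
    // Flagged pattern: clone() allocates with `new` and calls an overridable method.
    static class WeakStatus implements Cloneable {
        List<String> children = new ArrayList<>();
        void copyChildrenTo(WeakStatus target) {           // overridable hook
            target.children = new ArrayList<>(children);
        }
        @Override public WeakStatus clone() {
            WeakStatus copy = new WeakStatus();            // always WeakStatus, even for subclasses
            copyChildrenTo(copy);                          // subclass code runs on the half-built copy
            return copy;
        }
    }
    static class WeakSub extends WeakStatus {
        @Override void copyChildrenTo(WeakStatus target) { /* skips the copy: clone left incomplete */ }
    }

    // Hardened form: super.clone() preserves the runtime type, copy logic is private.
    static class SafeStatus implements Cloneable {
        private List<String> children = new ArrayList<>();
        void addChild(String name) { children.add(name); }
        int childCount() { return children.size(); }
        private static List<String> deepCopy(List<String> src) { return new ArrayList<>(src); }
        @Override public SafeStatus clone() {
            try {
                SafeStatus copy = (SafeStatus) super.clone();  // Object.clone() keeps the subclass type
                copy.children = deepCopy(children);            // private helper, cannot be overridden
                return copy;
            } catch (CloneNotSupportedException e) {
                throw new AssertionError(e);                   // unreachable: the class is Cloneable
            }
        }
    }
    static class SafeSub extends SafeStatus { }

    public static void main(String[] args) {
        WeakStatus weak = new WeakSub();
        weak.children.add("pg-1");                         // constructed sample value
        WeakStatus weakCopy = weak.clone();                // wrong type, child list not copied
        System.out.println(weakCopy.getClass().getSimpleName() + " children=" + weakCopy.children.size());

        SafeStatus safe = new SafeSub();
        safe.addChild("pg-1");
        SafeStatus safeCopy = safe.clone();                // subclass type and child list preserved
        System.out.println(safeCopy.getClass().getSimpleName() + " children=" + safeCopy.childCount());
    }
}
```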