Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Does the FindBugs EI_EXPOSE_REP bug only concern Date?

Tags:

java

getter-setter

accessor

findbugs

Findbugs reports a lot of EI_EXPOSE_REP and EI_EXPOSE_REP2 bugs on my code, each time I write getters and setters like this:

  public Date getDate() {
    return date;
  }
  public void setDate(final Date date) {
    this.date = date;
  }

I understand the meaning of the report, I should not expose the internal references of my objet to the outside world so that they can not be modified by a malicious/erronous code. A fix would be:

  public Date getDate() {
    return date == null ? null : date.clone();
  }
  public void setDate(Date date) {
    this.date = date == null ? null : date.clone();
  }

My question is not here. I am surprised that this report concerns ALWAYS Date. Why not all other mutable objects? I think this report goes for all mutable objects too, doesn't it ?

Should I extend this "good practice" to all my accessors that deal with mutable objects?

Give me your advice, thanks

like image 423
moudug Avatar asked Nov 20 '12 12:11

moudug

1 Answers

I would certainly expect this report to relate to all mutable objects, but I suspect that FindBugs is aware of certain common offenders.

I'm normally careful with exposing internal state via getters e.g.

public ArrayList<Trade> getTrades() {
   return trades;
}

means

  1. a client may be exposed to changes in your trade list
  2. a client may change that list that you passed out in good faith

As such there are two approaches.

  1. pass an immutable variant of that object (i.e. an object that can't be changed). In the above scenario you would take a read-only copy of that list and pass that out (you might argue that you could just take a simple read-write copy and pass that since it wouldn't affect the originating object, but that's counterintuitive)
  2. don't pass the object (list of trades) out, but rather have the owning object perform operations on that collection for you. This is perhaps the essence of OO - telling objects to do things for you rather than asking them for info and doing it yourself.

Similar arguments relate to setters and constructor arguments.

Note that you can find yourself copying lots of objects upon exposure in order to protect yourself, and potentially doing a lot of extra work. It's a technique to be used judiciously and it's worth understanding who your client objects are, and if you can control and/or trust them.

like image 59
Brian Agnew Avatar answered Sep 30 '22 17:09

Brian Agnew
Sign in to Comment

Related questions

Implementing a simple UDP network that continuously broadcasts to its neighbours
Find all numeric literals in Java code
What's causing this NPE when I request an action?
Apache HttpClient is throwng HTTP 500s but can't reproduce in a browser
Most readable way to write a ZipEntry to File?
Key/Value store extremely slow on SSD
Java classpath wildcard not working without quotes
How can I run a jnlp application with console?
Calculate all possible combinations
String.format equivalent in Java 1.4
Spring expression in xml configuration file
How to create a java class with static method called cage, that place X in a prison bar shape?
Global Exception Handling in an Eclipse RCP app
Is there a way to have if/else conditions in an xml in spring mvc3?
PDF export printing in Internet Explorer
res.flushBuffer() vs res.getOutputStream().flush();
Writing to a properties file does not work
Concurrent writing upon a standard OutputStream
Assembling a Netty Message in the Handler
Is there a way to tell from within the JVM whether a particular method has been JIT compiled?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!