声纳违规:安全性 - 使用 byte[] 时直接存储数组

问题描述

我确实遇到过以下 2 篇关于类似问题的帖子声纳违规和声纳违规但是，我的问题是 byte[]

I did come across the following 2 posts about a similar issue Sonar Violation and Sonar Violation But, my problem is with byte[]

以下是我在声纳中收到此警告的代码片段

Following is the code snippet for which I get this warning in Sonar

public void setValue(byte[] value) {
    this.value = value;
}

我查看了解决方案并进行了以下更改

I looked at the solutions and made the following changes

public void setValue(byte[] value) {
    if(value == null) {
        this.value = new byte[0];
    } else {
        this.value= Arrays.copyOf(value, value.length); 
    }
}

即便如此，我在 Sonar 中也收到了相同的安全违规警告.我收到这个警告是因为它是 byte[] 并且字节数组需要以不同的方式处理吗?

Even then, I get the same Security violation warning in Sonar. Am I getting this warning because it is byte[] and byte arrays need to be handled differently?

推荐答案

您可以使用以下方法解决 byte[] 的问题

You could use the following to resolve the issue with byte[]

value.clone()