CWE-580 未定义super.clone()的clone()方法

clone() Method Without super.clone()

结构: Simple

Abstraction: Variant

状态: Draft

被利用可能性: unkown

基本描述

The software contains a clone() method that does not call super.clone() to obtain the new object.

扩展描述

All implementations of clone() should obtain the new object by calling super.clone(). If a class does not follow this convention, a subclass's clone() method will return an object of the wrong type.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 664 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 573 cwe_View_ID: 1000

  • cwe_Nature: ChildOf cwe_CWE_ID: 573 cwe_View_ID: 699

适用平台

Language: {'cwe_Name': 'Java', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围 影响 注释
['Integrity', 'Other'] ['Unexpected State', 'Quality Degradation']

可能的缓解方案

Implementation

策略:

Call super.clone() within your clone() method, when obtaining a new object.

Implementation

策略:

In some cases, you can eliminate the clone method altogether and use copy constructors.

示例代码

The following two classes demonstrate a bug introduced by not calling super.clone(). Because of the way Kibitzer implements clone(), FancyKibitzer's clone method will return an object of type Kibitzer instead of FancyKibitzer.

bad Java

public class Kibitzer {
public Object clone() throws CloneNotSupportedException {

Object returnMe = new Kibitzer();
...
}
}

public class FancyKibitzer extends Kibitzer{
public Object clone() throws CloneNotSupportedException {

Object returnMe = super.clone();
...
}
}

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
Software Fault Patterns SFP28 Unexpected access points