我修复了一个 Sonar 安全警报 - 数组直接存储
最初
void setDerivedKey(byte[] derivedKey)
{
this.derivedKey = derivedKey;
}
至
void setDerivedKey (byte[] newDerivedKey)
{
if(newDerivedKey==null)
{ this.derivedKey = new byte[0]; }
else
{ this.derivedKey = Arrays.copyOf(newDerivedKey, newDerivedKey.length); }
}
如何解决这个问题
public pEngine(byte[] salt) {
byte[] mySalt = Arrays.copyOf(salt, salt.length); //Edited as per below answer
this.parameters = new pParameters("SomeValue", "SomeValue2", salt, 100); }
修复的影响是什么
Performance
Memory management
Functionality
最佳答案
我不确定我是否理解。为什么不:
public pEngine(byte[] salt) {
byte[] mySalt = Arrays.copyOf(salt, salt.length);
this.parameters = new pParameters("SomeValue", "SomeValue2", mySalt, 100);
}
关于java - 防御性复制帮助-数组直接存储-影响分析,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32374805/