Exposing internal arrays directly allows the caller to modify internal state that could be critical. It is safer to return a copy of the array.

```java
public class SecureSystem {
    UserData[] ud;

    public UserData[] getUserData() {
        // Don't return the internal array directly, return a copy
        return ud;
    }
}
```

Additional information can be found at http://pmd.sourceforge.net/rules/sunsecure.html#MethodReturnsInternalArray.

| 1 | org.jcoderz.commons.util.JaxbUtil |
| [222:10] | |
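
The following is an added example, not code from PMD or from the scanned project. It shows the getter the rule flags next to a hardened version. The `UserData` field, its copy constructor and the `LeakySystem` name are assumptions made for illustration. It goes one step beyond the rule text by copying the elements as well, because `ud.clone()` on its own is a shallow copy and mutable elements would still be shared with the caller.

```java
public class SecureSystemDemo {
    // Hypothetical mutable element type standing in for the page's UserData.
    static final class UserData {
        String name;
        UserData(String name) { this.name = name; }
        UserData(UserData other) { this.name = other.name; } // copy constructor
    }

    // The flagged pattern: the getter hands out the internal array itself.
    static final class LeakySystem {
        private final UserData[] ud = { new UserData("alice"), new UserData("bob") };
        UserData[] getUserData() { return ud; }
    }

    // Hardened: copy on the way in (constructor) and on the way out (getter).
    static final class SecureSystem {
        private final UserData[] ud;
        SecureSystem(UserData[] initial) { this.ud = deepCopy(initial); }
        UserData[] getUserData() { return deepCopy(ud); }

        // A new array AND new elements, so neither slots nor objects are shared.
        private static UserData[] deepCopy(UserData[] src) {
            UserData[] copy = new UserData[src.length];
            for (int i = 0; i < src.length; i++) {
                copy[i] = (src[i] == null) ? null : new UserData(src[i]);
            }
            return copy;
        }
    }

    public static void main(String[] args) {
        // Caller overwrites a slot of the internal array through the getter.
        LeakySystem leaky = new LeakySystem();
        leaky.getUserData()[0] = new UserData("mallory");
        System.out.println("leaky:  " + leaky.getUserData()[0].name);

        // None of these caller-side changes reach the hardened object's state.
        UserData[] seed = { new UserData("alice") };
        SecureSystem secure = new SecureSystem(seed);
        seed[0].name = "changed-after-construction";
        secure.getUserData()[0].name = "changed-via-getter";
        secure.getUserData()[0] = null;
        System.out.println("secure: " + secure.getUserData()[0].name);
    }
}
```

If the element type is immutable, `ud.clone()` or `Arrays.copyOf(ud, ud.length)` is sufficient and cheaper than the element-by-element copy.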