Fortify Scan Issue on Service Builder Interface and Base Model Impl
Expert Posts: 253 Join Date: 1/25/16
Hi,
We ran a Fortify scan and got the following result: Object Model Violation: Erroneous clone() Method, on the base model that was generated by Service Builder. Based on the documentation in the source code, it stated that it should not be changed and exists as a container.
Service Builder:
    @Override
    public Object clone() {
        // Copies each field into a newly constructed instance; super.clone() is never called
        antImpl antImpl = new antImpl();
        antImpl.setUuid(getUuid());
        antImpl.setEmailAddress(getEmailAddress());
        antImpl.setCompanyId(getCompanyId());
        antImpl.setUserId(getUserId());
        antImpl.setUserName(getUserName());
        antImpl.setCreateDate(getCreateDate());
        antImpl.setModifiedDate(getModifiedDate());
        antImpl.setStatus(isStatus());
        antImpl.setApproved(isApproved());
        antImpl.setFirstName(getFirstName());
        antImpl.setLastName(getLastName());
        antImpl.resetOriginalValues();
        return antImpl;
    }
Fortify's recommendation is as follows:
Always obtain the new object by calling super.clone(). The
java.lang.Object implementation of clone() will always return an
object of the correct type.
    public class FancyKibitzer extends Kibitzer implements Cloneable {
        public Object clone() throws CloneNotSupportedException {
            Object returnMe = super.clone();
            ...
        }
    }
But I don't believe we can alter the ModelImpl classes. Can anyone advise how to resolve this Fortify scan issue since we are not to modify the generated classes? I tried to cast the object by calling super.clone().
Thanks
Kevin
RE: Fortify Scan Issue on Service Builder Interface and Base Model Impl
Expert Posts: 253 Join Date: 1/25/16
I have submitted a false positive challenge for this Fortify issue. The challenge is that the class subclasses a base class that implements the interface, in which the interface extends Cloneable, so no need to call super.clone() since none of the classes does not implement the Cloneable interface.
RE: Fortify Scan Issue on Service Builder Interface and Base Model Impl
Expert Posts: 253 Join Date: 1/25/16
Hello, has the Liferay Service Builder been scanned for security vulnerability issues such as Object Model Violation: Erroneous clone() Method on the <entity>ModelImpl class?
Security scan recommendation: Always obtain the new object by calling super.clone(). The java.lang.Object implementation of clone() will always return an object of the correct type.
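Why the scanner flags a constructor-based clone(), shown as an added example that is not code from this thread, Liferay or Fortify; the class names CloneTypeDemo, CtorBase, CtorChild, SafeBase and SafeChild are hypothetical. A subclass that calls super.clone() and casts the result gets the base type back from the constructor-based version, while Object.clone() keeps the runtime type.

```java
// Added illustration; every class name here is hypothetical.
public class CloneTypeDemo {
    // Pattern the scanner flags: clone() builds the copy with a constructor.
    static class CtorBase implements Cloneable {
        String name = "base";
        @Override
        public Object clone() {
            CtorBase copy = new CtorBase();   // runtime type is fixed to CtorBase
            copy.name = name;
            return copy;
        }
    }

    // A subclass that follows the usual clone() contract and trusts super.clone().
    static class CtorChild extends CtorBase {
        int extra = 42;
        @Override
        public Object clone() {
            CtorChild copy = (CtorChild) super.clone();  // cast fails: object is a CtorBase
            copy.extra = extra;
            return copy;
        }
    }

    // Recommended pattern: Object.clone() preserves the runtime type.
    static class SafeBase implements Cloneable {
        String name = "base";
        @Override
        public Object clone() {
            try {
                return super.clone();         // shallow copy of the actual subclass
            } catch (CloneNotSupportedException e) {
                throw new AssertionError(e);  // unreachable: the class is Cloneable
            }
        }
    }

    static class SafeChild extends SafeBase { int extra = 42; }

    public static void main(String[] args) {
        try {
            new CtorChild().clone();
        } catch (ClassCastException e) {
            System.out.println("constructor-based clone broke the subclass: " + e.getMessage());
        }
        Object copy = new SafeChild().clone();
        System.out.println("super.clone() runtime type: " + copy.getClass().getSimpleName());
    }
}
```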