Defensive copying help - Array is stored directly - Impact analysis

Time: 2015-09-03 11:49:54

Tags: java arrays security byte sonarqube

I fixed a Sonar security alert - Array is stored directly

Initially

    void setDerivedKey(byte[] derivedKey)
    {
        this.derivedKey = derivedKey;
    }

    void setDerivedKey(byte[] newDerivedKey)
    {
        if (newDerivedKey == null) {
            this.derivedKey = new byte[0];
        } else {
            this.derivedKey = Arrays.copyOf(newDerivedKey, newDerivedKey.length);
        }
    }

How do I fix this one

    public pEngine(byte[] salt) {
        byte[] mySalt = Arrays.copyOf(salt, salt.length);  // Edited as per below answer
        this.parameters = new pParameters("SomeValue", "SomeValue2", salt, 100);
    }

What is the impact of the fix on:
 Performance
 Memory management
 Functionality

1 answer:

Answer 0: (score: 1)

I'm not sure I understand. Why not:

    public pEngine(byte[] salt) {
        byte[] mySalt = Arrays.copyOf(salt, salt.length);
        this.parameters = new pParameters("SomeValue", "SomeValue2", mySalt, 100);
    }
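An added example, not code from the question or the answer, showing the functional effect of the copy that the question asks about: a caller who wipes or reuses its buffer after the call changes the state of an object that stored the array directly, but not one that copied it. The class names `AliasedKey`, `CopiedKey` and `DefensiveCopyDemo` are hypothetical, the key bytes are constructed sample data, and the copying getter goes one step beyond the post, which only covers the setter and the constructor.

```java
import java.util.Arrays;

public class DefensiveCopyDemo {

    // "Before": stores the caller's array, so caller and object share one buffer.
    static final class AliasedKey {
        private byte[] derivedKey;
        void setDerivedKey(byte[] derivedKey) { this.derivedKey = derivedKey; }
        byte[] getDerivedKey() { return derivedKey; }
    }

    // "After": copies on the way in (as in the post) and on the way out (added here).
    static final class CopiedKey {
        private byte[] derivedKey = new byte[0];
        void setDerivedKey(byte[] newDerivedKey) {
            this.derivedKey = (newDerivedKey == null)
                    ? new byte[0]
                    : Arrays.copyOf(newDerivedKey, newDerivedKey.length);
        }
        byte[] getDerivedKey() { return derivedKey.clone(); }
    }

    public static void main(String[] args) {
        byte[] callerBuf = {1, 2, 3, 4};   // constructed sample key bytes

        AliasedKey aliased = new AliasedKey();
        CopiedKey copied = new CopiedKey();
        aliased.setDerivedKey(callerBuf);
        copied.setDerivedKey(callerBuf);

        // The caller zeroes its buffer after handing it over, a common habit
        // with key material. Only the aliased holder loses its key.
        Arrays.fill(callerBuf, (byte) 0);
        System.out.println("aliased: " + Arrays.toString(aliased.getDerivedKey()));
        System.out.println("copied:  " + Arrays.toString(copied.getDerivedKey()));

        // Writing through the returned array touches a copy, not the field.
        copied.getDerivedKey()[0] = 99;
        System.out.println("after getter write: "
                + Arrays.toString(copied.getDerivedKey()));

        // A null argument becomes an empty array instead of a stored null.
        copied.setDerivedKey(null);
        System.out.println("after null: length " + copied.getDerivedKey().length);
    }
}
```

Each copy costs one extra array allocation and a linear pass over the bytes per call, and any caller that relied on later writes to its own array reaching the object will no longer see that behaviour.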