· MethodReturnsInternalArray: Returning an internal array directly lets the caller modify internal state that could be critical. It is safer to return a copy of the array.
Code example:
public class SecureSystem {
    UserData[] ud;

    public UserData[] getUserData() {
        // Don't return the internal array directly; return a copy
        return ud;
    }
}
· ArrayIsStoredDirectly: Constructors and methods that receive arrays should clone them and store the copy. This prevents later changes made by the caller from affecting the object's internal behavior.
Code example:
public class Foo {
    private String[] x;

    public void foo(String[] param) {
        // Don't do this; at least make a copy of the array
        this.x = param;
    }
}
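Both rules fixed in one class, as an added example that is not part of the original rule documentation. The class name KeyRing and its data are hypothetical; it goes one step beyond the rule text by using a nested array, where a plain clone() copies only the outer array and still shares the inner ones.

```java
import java.util.Arrays;
import java.util.Objects;

// Hypothetical class for illustration: holds key material as byte[][].
public final class KeyRing {
    private final byte[][] keys;

    public KeyRing(byte[][] keys) {
        // ArrayIsStoredDirectly fix: store a private copy, not the caller's array.
        this.keys = deepCopy(Objects.requireNonNull(keys, "keys"));
    }

    public byte[][] getKeys() {
        // MethodReturnsInternalArray fix: hand out a copy, never the field itself.
        return deepCopy(keys);
    }

    // keys.clone() alone would copy only the outer array; the inner byte[]
    // elements are mutable, so each one is cloned as well.
    private static byte[][] deepCopy(byte[][] src) {
        byte[][] out = new byte[src.length][];
        for (int i = 0; i < src.length; i++) {
            out[i] = (src[i] == null) ? null : src[i].clone();
        }
        return out;
    }

    public static void main(String[] args) {
        byte[][] input = {{1, 2, 3}};        // constructed sample data
        KeyRing ring = new KeyRing(input);

        input[0][0] = 9;                     // caller changes an inner element after construction
        input[0] = new byte[] {7};           // caller replaces an outer slot

        byte[][] view = ring.getKeys();
        view[0][1] = 9;                      // caller changes the returned copy

        // The stored keys are unaffected by all three mutations above.
        System.out.println(Arrays.toString(ring.getKeys()[0]));
    }
}
```

For arrays of immutable elements such as String[], a single clone() of the array is enough; arrays of mutable objects need each element copied, as deepCopy does here.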