performance/java-bugs at master · nero520/performance

Name	Name	Last commit message	Last commit date
parent directory ..
src/main/java/com/performance.bugs/malicious	src/main/java/com/performance.bugs/malicious
README.md	README.md
pom.xml	pom.xml

Name

Last commit message

Last commit date

src/main/java/com/performance.bugs/malicious

#java-bugs常见bug与修正模块
##1.Malicious code vulnerability可能受到的恶意攻击

1.May expose internal representation by incorporating reference to mutable object

public void setExcuteTime(Date excuteTime) {
this.excuteTime = excuteTime;
}
}
改后 public void setExcuteTime(Date excuteTime) {
if(excuteTime!=null){
this.excuteTime = (Date)excuteTime.clone();
}else {
this.excuteTime = null;
}
}

2.May expose internal representation by returning reference to mutable object

public Date getExcuteTime() {
return excuteTime ;
}
改后
public Date getExcuteTime() {
Date excTime = null;
if(excuteTime!=null){
excTime = (Date)excuteTime.clone();
}
return excTime;
}

3.Field isn't final but should be

public class MqDispatcherThread implements Runnable {

   private static final Logger logger = Logger.getLogger(MqDispatcherThread.class);<br />

   public  static final ConcurrentMap<String,MqService> listenerMaps=new ConcurrentHashMap<>();<br />

改后
public class MqDispatcherThread implements Runnable {

   private static final Logger logger = Logger.getLogger(MqDispatcherThread.class);<br />

   public  static final ConcurrentMap<String,MqService> listenerMaps=new ConcurrentHashMap<>();<br />

2、Dodgy code糟糕的代码

1.Write to static field from instance method

2.Useless object created

ArrayList dataList = new ArrayList();
for(int k=0;k<=200;k++){
dataList.add(""+k);
}
List<ArrayList> resultList = new ArrayList<>();
ArrayList chartList = new ArrayList();
for (int i=0; i<=200; i++) {
if (i % 100 == 0) {
chartList = new ArrayList(100);
resultList.add(chartList);
}
chartList.add(dataList.get(i));
}
System.out.println(resultList.size());
改成
ArrayList dataList = new ArrayList();
for(int k=0;k<=200;k++){
dataList.add(""+k);
}
List<ArrayList> resultList = new ArrayList<>();
ArrayList chartList = null;
for (int i=0; i<=200; i++) {
if (i % 100 == 0) {
chartList = new ArrayList(100);
resultList.add(chartList);
}
chartList.add(dataList.get(i));
}
System.out.println(resultList.size());

3.Redundant nullcheck of value known to be non-null

if (preSubProcess == null || (preSubProcess != null && !(EnumConstTaskProcessStatus.FINISH.equals(preSubProcess.getSubProcessStatus())))) {
run = false;
break;
}
改为 if (preSubProcess == null || (!(EnumConstTaskProcessStatus.FINISH.equals(preSubProcess.getSubProcessStatus())))) {
run = false;
break;
}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

1.May expose internal representation by incorporating reference to mutable object

2.May expose internal representation by returning reference to mutable object

3.Field isn't final but should be

2、Dodgy code糟糕的代码

1.Write to static field from instance method

2.Useless object created

3.Redundant nullcheck of value known to be non-null

FilesExpand file tree

java-bugs

Directory actions

More options

Directory actions

More options

Latest commit

History

java-bugs

Folders and files

parent directory

README.md

1.May expose internal representation by incorporating reference to mutable object

2.May expose internal representation by returning reference to mutable object

3.Field isn't final but should be

2、Dodgy code糟糕的代码

1.Write to static field from instance method

2.Useless object created

3.Redundant nullcheck of value known to be non-null