Java


Made by DeepSource

Public static method returns freely modifiable array that may expose internal state JAVA-S0131

Security
Major

A public static method returns a reference to an array that is part of the static state of the class. Because arrays in Java are always mutable, any code that calls this method can write into the class's own array, even if the field is declared `private` and `final` (`final` only fixes the reference, not the elements).

This is dangerous because it allows external code to change the behavior of the class by altering data the class assumes to be invariant, for example a whitelist of allowed values, a set of default options, or a lookup table.

One fix is to return a defensive copy of the array, for example with `Arrays.copyOf(array, array.length)` or `array.clone()`. Note that both copies are shallow: if the elements are themselves mutable objects, callers can still modify them through the copy. Where callers only need to read the values, returning an unmodifiable collection such as `List.of(array)` or `Collections.unmodifiableList(...)` avoids handing out an array at all.
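The following is an added example, not code from DeepSource or from the rule's documentation. It shows a class that keeps a static whitelist of role names (the class and field names are hypothetical): the `Unsafe` variant returns the internal array and lets any caller rewrite the whitelist, while the `Safe` variant returns a copy or an unmodifiable view.

```java
import java.util.Arrays;
import java.util.List;

public class ExposedStateDemo {

    // Flagged by JAVA-S0131: the getter hands out the internal array itself.
    static final class Unsafe {
        // 'final' pins the reference, but the elements remain writable.
        private static final String[] ALLOWED_ROLES = {"user", "auditor"};

        public static String[] getAllowedRoles() {
            return ALLOWED_ROLES;            // caller receives the shared array
        }

        public static boolean isAllowed(String role) {
            return Arrays.asList(ALLOWED_ROLES).contains(role);
        }
    }

    // Fixed: callers only ever see a copy or a read-only view of the state.
    static final class Safe {
        private static final String[] ALLOWED_ROLES = {"user", "auditor"};

        // Defensive copy; mutating the returned array does not touch ALLOWED_ROLES.
        public static String[] getAllowedRoles() {
            return Arrays.copyOf(ALLOWED_ROLES, ALLOWED_ROLES.length);
        }

        // Alternative: expose an unmodifiable List instead of an array.
        // List.of copies the elements and throws on set/add/remove.
        public static List<String> allowedRoles() {
            return List.of(ALLOWED_ROLES);
        }

        public static boolean isAllowed(String role) {
            return Arrays.asList(ALLOWED_ROLES).contains(role);
        }
    }

    public static void main(String[] args) {
        // Any class on the classpath can rewrite the whitelist of the unsafe variant.
        Unsafe.getAllowedRoles()[0] = "admin";
        System.out.println("Unsafe: admin allowed? " + Unsafe.isAllowed("admin")); // true

        // The same write against the safe variant only changes the caller's copy.
        Safe.getAllowedRoles()[0] = "admin";
        System.out.println("Safe:   admin allowed? " + Safe.isAllowed("admin"));   // false

        // The unmodifiable view rejects writes outright.
        try {
            Safe.allowedRoles().set(0, "admin");
        } catch (UnsupportedOperationException e) {
            System.out.println("Safe:   unmodifiable list rejected the write");
        }
    }
}
```

Compile and run with `javac ExposedStateDemo.java && java ExposedStateDemo` (Java 9 or later for `List.of`). The copy returned by `Arrays.copyOf` is shallow, so this pattern is sufficient for arrays of immutable elements such as `String`; for arrays of mutable objects, copy the elements as well or expose them through an interface that does not allow modification.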