Forum Discussion

sravanimuppa100's avatar
sravanimuppa100
New Member
10 months ago

CodeQL vulnerability on openAPI generated javacode "Exposing internal representation"

CodeQL  scanner throws code vulnerability on openAPI generated javacode "Exposing internal representation". 

 

CAUSE: A subtle type of defect is caused when an object accidentally exposes its internal representation to the code outside the object, and the internal representation is then (deliberately or accidentally) modified in ways that the object is not prepared to handle. Most commonly, this happens when a getter returns a direct reference to a mutable field within the object, or a setter just assigns a mutable argument to its field.

 

There are three ways of addressing this problem:

1. Using immutable objects 

2. Creating a read-only view

3. Making defensive copies

No RepliesBe the first to reply