CS.METHOD.RETURN.REF_MEMBER

A method returns a member variable that has a reference type.

A member function should not return a reference-type member unless that member is constant.

Vulnerability and risk

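The caller receives a reference to the object's own member, not a copy. The returned object may therefore be modified from outside the class, bypassing any checks the class applies to its state and causing unintended behavior.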

Mitigation and prevention

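Review the design to see if the reference type member variable should be returned. If callers only need to read the data, return a copy or a read-only view instead of the member itself.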

Vulnerable code example

  using System;
  using System.Collections.Generic;
  using System.Linq;
  using System.Text;
  using System.Threading.Tasks;
  
  namespace kmcustom
  {
  
     // Mutable helper type. C16 (below) keeps a private instance of it and hands
     // that instance out from getMyCls().
     class MyCls
     {
         // Public, writable field: any code holding a reference to this object
         // can change it directly, without going through setStr().
         public string _str = "abc";
 
         // Replaces the stored string with str.
         public void setStr(string str)
         {
             _str = str;
         }
         // Returns the stored string.
         public string getStr()
         {
             return _str;
         }
 
 
     }
 
     // Example class for CS.METHOD.RETURN.REF_MEMBER. Getters marked NG return a
     // private, mutable reference-type member as-is; getters marked OK do not.
     class C16
     {
         private string str = "abc";
 
         // NOTE(review): never read in this class; getCStr() returns str instead.
         private String cstr = "abc";
 
         private int number = 1;
 
         private int[] int_array = new int[5];
 
         private MyCls myCls = new MyCls();
 
         public string getStr()
         {
             return str;//OK - string or String is immutable, so the caller cannot alter the member through it
         }
 
         public string getCStr()
         {
             // NOTE(review): returns str, not cstr; presumably meant to return cstr
             // to show the String spelling of the same type. Confirm.
             return str;//OK - string or String is immutable
         }
 
         public int getNumber()
         {
             return number;//OK - int is a value type, the caller gets a copy
         }
 
         public MyCls getMyCls()
         {
             // The caller receives the same MyCls instance this object holds, so a
             // call to setStr() or a write to _str from outside changes the state
             // behind C16's private field.
             return myCls;//NG
         }
 
         public int[] getIntArray()
         {
             // Side effect: every call resets all elements to 0 before returning.
             for(int i = 0; i < int_array.Length; i++) 
             {
                 int_array[i] = 0;
             }
             // The array itself is returned, not a copy: element writes made by the
             // caller are later visible to printIntArray(). Returning a copy (for
             // example (int[])int_array.Clone()) or a read-only view would keep the
             // member private.
             return int_array;//NG
         }
 
         // Writes the index and value of every element of int_array to the console.
         public void printIntArray()
         {
             for (int i = 0; i < int_array.Length; i++) {
                 Console.WriteLine("index:" + i + " value:" + int_array[i]);
             }
 
         }
     }
 }