SV.EXPOSE.RET

This error is detected when a method returns a reference to a mutable object.

Vulnerability and risk

See SV.EXPOSE.FIN.

Klocwork security vulnerability (SV) checkers identify calls that create potentially dangerous data; these calls are considered unsafe sources. An unsafe source can be any data provided by the user, since the user could be an attacker or has the potential for introducing human error.

Mitigation and prevention

This vulnerability can be mitigated by preventing public methods from returning references to mutable objects.

Example 1

17
18
19
20
21
22
23
24
    private ArrayList adminUsers;
    public Collection getAdminUsers() {
      return adminUsers;
    }
    // ...
    void maliciousUserCode() {
      getAdminUsers().add("myself");
    }

SV.EXPOSE.RET is reported for 'return' statement on line 19: Method returns reference to mutable object 'adminUsers'. Internal state of object can be modified by malicious user.

External guidance

• CWE-374: Passing Mutable Objects to an Untrusted Method
• CERT OBJ04-J: Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
• CERT OBJ05-J: Do not return references to private mutable class members

Security training

Application security training materials provided by Secure Code Warrior.

• Insufficient Validation Training Video - Test your skills with a training example