1
@Nullable
public String[] getX() {
    return x;
}

public void setX(@Nullable final String[] x) {
    this.x= x;
}

The above code gives a PMD Security warning - " Security - Method returns internal array : Returning 'x' may expose an internal array for getter and similar one for setter.

One way to fix this is .clone() the array. Since these are nullable, i'll have to do a null check. Do we have a way to do this using google's guava library?

Thanks

Louis Wasserman
  • 191,574
  • 25
  • 345
  • 413
aazeem
  • 844
  • 1
  • 12
  • 23
  • 1
    Why not use Lists instead? And why not make the array non-nullable: would be better for the caller, who wouldn't have to do the null check that is bothering you. – JB Nizet Feb 21 '14 at 16:36
  • @JBNizet Wouldn't you still need to make a copy of an internal `List` if you wished to allow the returned list to be modifiable but not have those changes be reflected internally? – JAB Feb 21 '14 at 16:42
  • 4
    Yes, but I'd prefer to return an immutable list, and document it, so that the caller makes a copy if he needs one. Most of the time, the caller only reads from the list, making the copy a waste of resources. – JB Nizet Feb 21 '14 at 16:45
  • 3
    FWIW, relatively few Guava methods are "null-safe" in the way you appear to mean here: Guava tends to see nulls as an indication that you _should_ NPE. – Louis Wasserman Feb 21 '14 at 18:36

1 Answers1

5

Guava recommends you use an ImmutableList<String> instead of a String[]. See also Collection Interface vs arrays.

Community
  • 1
  • 1
Kevin Bourrillion
  • 40,336
  • 12
  • 74
  • 87