Variant · Draft

CWE-580: clone() Method Without super.clone()

Category: other

Description

The product contains a clone() method that does not call super.clone() to obtain the new object. All implementations of clone() should obtain the new object by calling super.clone(). If a class does not follow this convention, a subclass's clone() method will return an object of the wrong type.

Common consequences

  • Integrity / Other — Unexpected State, Quality Degradation

Potential mitigations

  • [Implementation] Call super.clone() within your clone() method, when obtaining a new object.
  • [Implementation] In some cases, you can eliminate the clone method altogether and use copy constructors.
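
The weakness and the first mitigation side by side, as an added Java example that is not part of the MITRE entry; all class names (BadAccount, AuditedAccount and so on) are hypothetical.

```java
// Added example with hypothetical classes: CWE-580 next to the corrected form.
public class CloneDemo {
    // Weak: builds the copy with a constructor instead of super.clone().
    static class BadAccount implements Cloneable {
        protected final String owner;
        BadAccount(String owner) { this.owner = owner; }
        @Override public Object clone() {
            return new BadAccount(owner);   // always a BadAccount, whatever 'this' is
        }
    }
    // The subclass follows the convention but inherits the broken base.
    static class BadAuditedAccount extends BadAccount {
        boolean auditEnabled = true;
        BadAuditedAccount(String owner) { super(owner); }
        @Override public Object clone() {
            return (BadAuditedAccount) super.clone(); // ClassCastException at run time
        }
    }

    // Fixed: Object.clone() allocates an instance of the runtime class.
    static class Account implements Cloneable {
        protected final String owner;
        Account(String owner) { this.owner = owner; }
        @Override public Account clone() {
            try {
                return (Account) super.clone();
            } catch (CloneNotSupportedException e) {
                throw new AssertionError(e); // unreachable: the class is Cloneable
            }
        }
    }
    static class AuditedAccount extends Account {
        boolean auditEnabled = true;
        AuditedAccount(String owner) { super(owner); }
        @Override public AuditedAccount clone() {
            return (AuditedAccount) super.clone(); // safe: really an AuditedAccount
        }
    }

    public static void main(String[] args) {
        try {
            new BadAuditedAccount("alice").clone();
        } catch (ClassCastException e) {
            System.out.println("weak base: " + e.getMessage());
        }
        Account copy = new AuditedAccount("alice").clone();
        System.out.println("fixed base: " + copy.getClass().getSimpleName());
    }
}
```

If the subclass does not override clone() at all, the weak base fails silently instead: the caller receives a plain BadAccount and the subclass state (here auditEnabled) is lost.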

References

  1. https://cwe.mitre.org/data/definitions/580.html

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Public cloneable() Method Without Final ('Object Hijack')
  • CWE: finalize() Method Without super.finalize()
  • CWE: Cloneable Class Containing Sensitive Information
  • CWE: Object Model Violation: Just One of Equals and Hashcode Defined
  • CWE: Returning a Mutable Object to an Untrusted Caller
  • CWE: Private Data Structure Returned From A Public Method

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.