Cloneable class in secure context

Reports classes which may be cloned.

A class may be cloned if it supports the Cloneable interface, and its clone() method is not defined to immediately throw an error. Cloneable classes may be dangerous in code intended for secure use.

Example:

class SecureBean implements Cloneable {}

After the quick-fix is applied:

class SecureBean {}

When the class extends an existing cloneable class or implements a cloneable interface, then after the quick-fix is applied, the code may look like:

class SecureBean extends ParentBean {
    @Override
    protected SecureBean clone() throws CloneNotSupportedException {
        throw new CloneNotSupportedException();
    }
}

Locating this inspection

By ID

Can be used to locate inspection in e.g. Qodana configuration files, where you can quickly enable or disable it, or adjust its settings.

CloneableClassInSecureContext

Via Settings dialog

Path to the inspection settings via IntelliJ Platform IDE Settings dialog, when you need to adjust inspection settings directly from your IDE.

Settings or Preferences | Editor | Inspections | Java | Security

Availability

By default bundled with: IntelliJ IDEA 2024.1, Qodana for JVM 2024.1,
Can be installed with plugin: Java, 241.18072

Last modified: 18 June 2024