Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8114117

Properties without a public setter must be read only properties

    XMLWordPrintable

Details

    Description

      We added read only properties after the delombok conversion, and there are many places where although we have only a public getter and private/package/protected/no setter, yet we expose the property as a fully mutable property. This was never intended and is obviously both a security leak (since it exposes as public what is meant to be private), as well as an API leak. We must ensure that if there is no public setter, then a real read only property is returned. Further, ensure that each getter and setter has "final". I think there are one or two exceptions that we use internally, but these should be solved by:

      public final void setSuperMethod(Object o) { packageOrProtectedInternalMethod(o); }
      void packageOrProtectedInternalMethod(Object o) { ... }

      Or whatnot, such that we preserve the ability to override in our own usages, but that the actual public setter is final.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. JDK-8129053 TextInput.text should be read-only property

          • P2 - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              ekrejcir Eva Krejčířová (Inactive)
              rbair Richard Bair (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                Imported: