MethodReturnsInternalArray

Exposing internal arrays directly allows the user to modify some code that could be critical. It is safer to return a copy of the array.

This rule is defined by the following Java class: net.sourceforge.pmd.rules.sunsecure.MethodReturnsInternalArray

Example:

                
  
public class SecureSystem {
  UserData [] ud;
  public UserData [] getUserData() {
      // Don't return directly the internal array, return a copy
      return ud;
  }
}