ABSTRACT

The ICloneable interface specifies a weak contract for its Clone method and should be avoided.

EXPLANATION

The ICloneable interface does not guarantee deep cloning, classes that implement it may not behave as expected when they are cloned. Classes that implement ICloneable and perform only shallow-cloning (copies only the object, which includes existing references to other objects) may result in unexpected behavior. Because deep-cloning (copies the object and all referenced objects) is typically the assumed behavior of a clone method, the use of the ICloneable interface is error prone and should be avoided.

REFERENCES

[1] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 398

[2] Krzysztof Cwalina, Brad Abrams Framework Design Guidelines: Conventions, Idioms, and Patterns for Reusable .NET Libraries. Chapter 8: Usage Guidelines Addison-Wesley