Fix #24 - Limit the extensibility of classes and methods #26
OlivierJaquemet wants to merge 2 commits into samdjstevens:master from
Apply Guideline 4-5 / EXTEND-5: Limit the extensibility of classes and methods from the Secure Coding Guidelines for Java SE https://www.oracle.com/technetwork/java/seccodeguide-139067.html#4-5
Thanks for the PR - I'm not 100% sure this is needed/beneficial. Whilst it does improve security and composition should be favoured over inheritance generally, is it being too restrictive by not allowing consumers to override
@samdjstevens honestly, I'm not sure either that I should have made all classes final. I may have been a little overzealous :p
Be a little more open-minded in applying Guideline 4-5 / EXTEND-5: Limit the extensibility of classes and methods from the Secure Coding Guidelines for Java SE
https://www.oracle.com/technetwork/java/seccodeguide-139067.html#4-5
Rule is: "Design classes and methods for inheritance" or "declare them final".
This commit reverts use of final classes for default implementation of as it was clearly designed for inheritance and should be kept this way
PR updated to revert use of final keyword for all classes which could be subclassed.
Appreciate the work on this, but because these changes would require a new major version (non backwards compatible API changes) I think I'm going to hold off merging until other breaking changes are introduced into the library. Thanks!
Apply Guideline 4-5 / EXTEND-5: Limit the extensibility of classes and
methods from the Secure Coding Guidelines for Java SE
https://www.oracle.com/technetwork/java/seccodeguide-139067.html#4-5
(reported by running VisualCodeGrepper
https://github.com/nccgroup/VCG/blob/master/VisualCodeGrepper/modJavaCheck.vb#L318
)
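
An added illustration of the rule quoted in this thread ("design classes and methods for inheritance" or "declare them final"); it is not code from the pull request or the library. All class and method names are hypothetical, and the sample codes are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added illustration; every name here is hypothetical, not the library's API.
public class ExtensibilityDemo {
    // Open by default: any subclass can replace the security decision.
    static class OpenVerifier {
        public boolean isValid(String expected, String supplied) {
            return constantTimeEquals(expected, supplied);
        }
    }
    // Compiles cleanly and accepts every code wherever an OpenVerifier is expected.
    static class LenientVerifier extends OpenVerifier {
        @Override
        public boolean isValid(String expected, String supplied) {
            return true;
        }
    }
    // Designed for inheritance: the decision is final, only normalisation is a hook.
    static class GuardedVerifier {
        public final boolean isValid(String expected, String supplied) {
            return constantTimeEquals(expected, normalise(supplied));
        }
        // Documented extension point; it never sees the expected value.
        protected String normalise(String supplied) {
            return supplied.trim();
        }
    }
    // Not designed for inheritance: declared final and reused through composition.
    static final class SealedVerifier {
        private final GuardedVerifier delegate = new GuardedVerifier();
        public boolean isValid(String expected, String supplied) {
            return delegate.isValid(expected, supplied);
        }
    }
    static boolean constantTimeEquals(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }
    public static void main(String[] args) {
        OpenVerifier open = new LenientVerifier();
        System.out.println("open, overridden: " + open.isValid("123456", "000000"));
        System.out.println("guarded: " + new GuardedVerifier().isValid("123456", "000000"));
        System.out.println("sealed: " + new SealedVerifier().isValid("123456", " 123456 "));
    }
}
```

The compiler rejects any attempt to override `GuardedVerifier.isValid` or to extend `SealedVerifier`, which is why adding `final` to an already published class is a breaking API change for existing subclasses.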