Fortify Issues -Code Correctness: Constructor Invokes Overridable Function

public class TestEvent{

TestEvent(){

getData()

}

public Data getData(){

Data data= new Data();

// some code process may happen

return data;

}

Description

the TestEvent constructor calls methods that are not final.

Proposed solution

Make the methods called in the TestEvent constructor (getPatientData(), getProviderData(), etc) final

Additional context

• this is from a fortify finding. see https://vulncat.fortify.com/en/detail?id=desc.structural.java.code_correctness_constructor_invokes_overridable_function

Recommendations:

Constructors should not call functions that can be overridden, either by specifying them as final, or specifying the class as final. Alternatively if this code is only ever needed in the constructor, the private access specifier can be used, or the logic could be placed directly into the constructor of the superclass.

More Issues Resolutions :

Fortify Issues -Poor Style: Confusing Naming

Fortify Issues -Code Correctness: Constructor Invokes Overridable Function

Fortify Issues : Path Manipulation

Fortify issue — Dead Code unused