Fortify Issues -Code Correctness: Constructor Invokes Overridable Function

Mar 16, 2022

public class TestEvent{
TestEvent(){
getData()
}
public Data getData(){
Data data= new Data();
// some code process may happen
return data;
}

Description

the TestEvent constructor calls methods that are not final.

Proposed solution

Make the methods called in the TestEvent constructor (getPatientData(), getProviderData(), etc) final

Additional context

this is from a fortify finding. see https://vulncat.fortify.com/en/detail?id=desc.structural.java.code_correctness_constructor_invokes_overridable_function

Recommendations:

Constructors should not call functions that can be overridden, either by specifying them as final, or specifying the class as final. Alternatively if this code is only ever needed in the constructor, the private access specifier can be used, or the logic could be placed directly into the constructor of the superclass.

More Issues Resolutions :

Fortify Issues -Poor Style: Confusing Naming

Fortify Issues -Code Correctness: Constructor Invokes Overridable Function

Fortify Issues : Path Manipulation

Fortify issue — Dead Code unused

Fortify Issues -Code Correctness: Constructor Invokes Overridable Function

Description

Proposed solution

Additional context

More Issues Resolutions :

Fortify Issues -Poor Style: Confusing Naming

Fortify Issues -Code Correctness: Constructor Invokes Overridable Function

Fortify Issues : Path Manipulation

Fortify issue — Dead Code unused

Written by Kiran Kumar