CWE-580

clone() Method Without super.clone()

Abstraction: Variant
Status: Draft

Description

The product contains a clone() method that does not call super.clone() to obtain the new object.

All implementations of clone() should obtain the new object by calling super.clone(). If a class does not follow this convention, a subclass's clone() method will return an object of the wrong type.

Common Consequences

Scope: Integrity, Other

Impact: Unexpected State, Quality Degradation

Potential Mitigations

Implementation: Call super.clone() within your clone() method, when obtaining a new object.

Implementation: In some cases, you can eliminate the clone method altogether and use copy constructors.
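
The weakness and the first mitigation side by side, as an added example that is not part of the CWE entry. All class names (CloneDemo, Account, AuditedAccount, SafeAccount, AuditedSafeAccount) are hypothetical. The subclass in the weak pair calls super.clone() correctly and still receives an object of the parent type, because the parent built its copy with a constructor.

```java
// Added example with hypothetical class names; not code from the CWE entry.
public class CloneDemo {
    // Weak form: the copy is built with a constructor instead of super.clone().
    static class Account implements Cloneable {
        protected final String owner;
        Account(String owner) { this.owner = owner; }
        @Override
        public Object clone() {
            return new Account(owner); // fixed to Account, ignores the runtime class
        }
    }

    // This subclass follows the convention but inherits the parent's defect.
    static class AuditedAccount extends Account {
        AuditedAccount(String owner) { super(owner); }
        @Override
        public Object clone() {
            return super.clone(); // delegates to Account.clone(), which used 'new Account'
        }
    }

    // Corrected form: Object.clone() allocates an instance of the runtime class.
    static class SafeAccount implements Cloneable {
        protected final String owner;
        SafeAccount(String owner) { this.owner = owner; }
        @Override
        public SafeAccount clone() throws CloneNotSupportedException {
            return (SafeAccount) super.clone();
        }
    }

    static class AuditedSafeAccount extends SafeAccount {
        AuditedSafeAccount(String owner) { super(owner); }
        @Override
        public AuditedSafeAccount clone() throws CloneNotSupportedException {
            return (AuditedSafeAccount) super.clone();
        }
    }

    public static void main(String[] args) throws CloneNotSupportedException {
        Object weak = new AuditedAccount("alice").clone();
        Object fixed = new AuditedSafeAccount("alice").clone();
        // Report the runtime class of each copy and the type check a caller would rely on.
        System.out.println("weak copy class:  " + weak.getClass().getSimpleName());
        System.out.println("fixed copy class: " + fixed.getClass().getSimpleName());
        System.out.println("weak copy is AuditedAccount:      " + (weak instanceof AuditedAccount));
        System.out.println("fixed copy is AuditedSafeAccount: " + (fixed instanceof AuditedSafeAccount));
    }
}
```

A caller that casts the weak copy to AuditedAccount fails with ClassCastException, and any state or checks the subclass adds are absent from the copy.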

Applicable Platforms

Java
