
The "Cloneable class in secure context" inspection triggers if a class implements Cloneable. The name of the inspection implies that it is only applied to classes which are in a "secure context".

How does IntelliJ decide if a class is in a secure context?

How do I tell IntelliJ whether a class is in a secure context or not?

Eduard Wirch

1 Answer


You are only supposed to run the inspection on the "secure context" (by using a scope). Perhaps the description of this inspection could be improved. See here for more explanation:
- https://www.securecoding.cert.org/confluence/display/java/OBJ07-J.+Sensitive+classes+must+not+let+themselves+be+copied
- http://cwe.mitre.org/data/definitions/498.html

Bas Leijdekkers
  • Do you mean the inspection is not intended to be enabled by default, but rather should only be used in "Run Inspection By Name..."? Or do you mean I am supposed to change the default inspection setting of "Warning in all Scopes" to a custom scope created by me? – Eduard Wirch Nov 30 '16 at 12:24
  • The second, except if your entire project is in a "secure context" :-) – Bas Leijdekkers Nov 30 '16 at 13:08
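
As an added illustration (not part of the original answer or comments, and not IntelliJ's or CERT's code), this is the kind of class the inspection is meant to flag once it is scoped to sensitive code, next to a form that refuses copying as the OBJ07-J title linked above requires. All class and field names are hypothetical and the secret value is constructed.

```java
import java.util.Arrays;

public class CloneableSecureContextDemo {

    // Flagged form: a sensitive class that implements Cloneable.
    static class ApiToken implements Cloneable {
        private final char[] secret;
        ApiToken(char[] secret) { this.secret = secret.clone(); }
        void wipe() { Arrays.fill(secret, '\0'); }
        boolean isWiped() { return secret[0] == '\0'; }

        @Override
        public ApiToken clone() throws CloneNotSupportedException {
            // Object.clone() runs no constructor and copies field references,
            // so the copy aliases the same char[] as the original.
            return (ApiToken) super.clone();
        }
    }

    // Hardened form: not Cloneable, and clone() is final and always throws,
    // so a subclass cannot re-enable copying by implementing Cloneable.
    static class HardenedToken {
        private final char[] secret;
        HardenedToken(char[] secret) { this.secret = secret.clone(); }
        void wipe() { Arrays.fill(secret, '\0'); }

        @Override
        protected final Object clone() throws CloneNotSupportedException {
            throw new CloneNotSupportedException();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value, not a real credential.
        ApiToken original = new ApiToken("constructed-sample".toCharArray());
        ApiToken copy = original.clone();
        copy.wipe(); // state shared through the clone changes the original too
        System.out.println("original wiped via its copy: " + original.isWiped());

        HardenedToken hardened = new HardenedToken("constructed-sample".toCharArray());
        try {
            hardened.clone();
            System.out.println("hardened token was copied");
        } catch (CloneNotSupportedException e) {
            System.out.println("hardened token refused to be copied");
        }
    }
}
```

With the inspection restricted to a custom scope that contains only classes like `ApiToken`, ordinary Cloneable value types elsewhere in the project are not reported.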