(commons-codec) 04/17: Fix SpotBugs [ERROR] Medium: org.apache.commons.codec.binary.BaseNCodec$AbstractBuilder.setEncodeTable(byte[]) may expose internal representation by storing an externally mutable object into BaseNCodec$AbstractBuilder.encodeTable [org.apache.commons.codec.binary.BaseNCodec$AbstractBuilder] At BaseNCodec.java:[line 131] EI_EXPOSE_REP2

[ggregory]

This is an automated email from the ASF dual-hosted git repository.

ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-codec.git

commit 20df4c9f2947b2c6e992778d2859c4a58856beff
Author: Gary D. Gregory <garydgreg...@gmail.com>
AuthorDate: Sat Jul 19 07:47:32 2025 -0400

    Fix SpotBugs [ERROR] Medium:
    
org.apache.commons.codec.binary.BaseNCodec$AbstractBuilder.setEncodeTable(byte[])
    may expose internal representation by storing an externally mutable
    object into BaseNCodec$AbstractBuilder.encodeTable
    [org.apache.commons.codec.binary.BaseNCodec$AbstractBuilder] At
    BaseNCodec.java:[line 131] EI_EXPOSE_REP2
---
 src/changes/changes.xml                                       | 1 +
 src/main/java/org/apache/commons/codec/binary/Base64.java     | 3 ++-
 src/main/java/org/apache/commons/codec/binary/BaseNCodec.java | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 2a5f6181..01a19f83 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -63,6 +63,7 @@ The <action> type attribute can be add,update,fix,remove.
       <action type="fix" dev="ggregory" due-to="Gary Gregory">Fix PMD multiple 
UnnecessaryFullyQualifiedName in 
org.apache.commons.codec.digest.Blake3.</action>
       <action type="fix" dev="ggregory" due-to="Gary Gregory">Fix PMD 
UnnecessaryFullyQualifiedName in 
org.apache.commons.codec.digest.Md5Crypt.</action>
       <action type="fix" dev="ggregory" due-to="Gary Gregory">Fix PMD 
EmptyControlStatement in org.apache.commons.codec.language.Metaphone.</action>
+      <action type="fix" dev="ggregory" due-to="Gary Gregory">Fix SpotBugs 
[ERROR] Medium: 
org.apache.commons.codec.binary.BaseNCodec$AbstractBuilder.setEncodeTable(byte[])
 may expose internal representation by storing an externally mutable object 
into BaseNCodec$AbstractBuilder.encodeTable 
[org.apache.commons.codec.binary.BaseNCodec$AbstractBuilder] At 
BaseNCodec.java:[line 131] EI_EXPOSE_REP2.</action>
       <!-- ADD -->
       <action type="add" dev="ggregory" due-to="Gary Gregory">Add 
HmacUtils.hmac(Path).</action>      
       <action type="add" dev="ggregory" due-to="Gary Gregory">Add 
HmacUtils.hmacHex(Path).</action>      
diff --git a/src/main/java/org/apache/commons/codec/binary/Base64.java 
b/src/main/java/org/apache/commons/codec/binary/Base64.java
index 8d0a489c..d24c36eb 100644
--- a/src/main/java/org/apache/commons/codec/binary/Base64.java
+++ b/src/main/java/org/apache/commons/codec/binary/Base64.java
@@ -667,7 +667,8 @@ public class Base64 extends BaseNCodec {
         if (encodeTable.length != STANDARD_ENCODE_TABLE.length) {
             throw new IllegalArgumentException("encodeTable must have exactly 
64 entries.");
         }
-        this.isUrlSafe = encodeTable == URL_SAFE_ENCODE_TABLE;
+        // same array first or equal contents second
+        this.isUrlSafe = encodeTable == URL_SAFE_ENCODE_TABLE || 
Arrays.equals(encodeTable, URL_SAFE_ENCODE_TABLE);
         if (encodeTable == STANDARD_ENCODE_TABLE || this.isUrlSafe) {
             decodeTable = DECODE_TABLE;
             // No need of a defensive copy of an internal table.
diff --git a/src/main/java/org/apache/commons/codec/binary/BaseNCodec.java 
b/src/main/java/org/apache/commons/codec/binary/BaseNCodec.java
index ac0f4b2a..f1f979ef 100644
--- a/src/main/java/org/apache/commons/codec/binary/BaseNCodec.java
+++ b/src/main/java/org/apache/commons/codec/binary/BaseNCodec.java
@@ -128,7 +128,7 @@ public abstract class BaseNCodec implements BinaryEncoder, 
BinaryDecoder {
          * @return {@code this} instance.
          */
         public B setEncodeTable(final byte... encodeTable) {
-            this.encodeTable = encodeTable != null ? encodeTable : 
defaultEncodeTable;
+            this.encodeTable = encodeTable != null ? encodeTable.clone() : 
defaultEncodeTable;
             return asThis();
         }