2021-01-27 16:55:38 +01:00
Public arrays, even ones declared ``++static final++`` can have their contents edited by malicious programs. The ``++final++`` keyword on an array declaration means that the array object itself may only be assigned once, but its contents are still mutable. Therefore making arrays ``++public++`` is a security risk.
2020-12-21 15:38:52 +01:00
Instead, arrays should be private and accessed through methods.
== Noncompliant Code Example
----
public class Estate {
// Noncompliant; array contents can be modified
public static final String [] HEIRS = new String [] {
"Betty", "Suzy" };
}
public class Malicious {
public void changeWill() {
Estate.HEIRS[0] = "Biff";
if (Estate.HEIRS.length > 1) {
for (int i = 1; i < Estate.HEIRS.length; i++) {
Estate.HEIRS[i] = "";
}
}
}
----
== Compliant Solution
----
public class Estate {
private static final String [] HEIRS = new String [] {
"Betty", "Suzy" };
public String [] getHeirs() {
// return copy of HEIRS
}
}
----
== See
* http://cwe.mitre.org/data/definitions/582.html[MITRE, CWE-582] - Array Declared Public, Final, and Static
* http://cwe.mitre.org/data/definitions/607.html[MITRE, CWE-607] - Public Static Final Field References Mutable Object
* https://wiki.sei.cmu.edu/confluence/x/LjdGBQ[CERT, OBJ01-J.] - Limit accessibility of fields
* https://wiki.sei.cmu.edu/confluence/x/VzZGBQ[CERT, OBJ13-J.] - Ensure that references to mutable objects are not exposed
