rspec/rules/S1873/rule.adoc

== Why is this an issue?

Public arrays, even ones declared ``++static final++`` can have their contents edited by malicious programs. The ``++final++`` keyword on an array declaration means that the array object itself may only be assigned once, but its contents are still mutable. Therefore making arrays ``++public++`` is a security risk.


Instead, arrays should be private and accessed through methods.


=== Noncompliant code example

[source,text]
----
public class Estate {
  // Noncompliant; array contents can be modified
  public static final String [] HEIRS = new String [] { 
    "Betty", "Suzy" };
}

public class Malicious {
  public void changeWill() {
    Estate.HEIRS[0] = "Biff";
    if (Estate.HEIRS.length > 1) {
      for (int i = 1; i < Estate.HEIRS.length; i++) {
        Estate.HEIRS[i] = "";
      }
  }
}
----


=== Compliant solution

[source,text]
----
public class Estate {
  private static final String [] HEIRS = new String [] { 
    "Betty", "Suzy" };

  public String [] getHeirs() {
    // return copy of HEIRS
  }
}

----


== Resources

* https://cwe.mitre.org/data/definitions/582[MITRE, CWE-582] - Array Declared Public, Final, and Static
* https://cwe.mitre.org/data/definitions/607[MITRE, CWE-607] - Public Static Final Field References Mutable Object
* https://wiki.sei.cmu.edu/confluence/x/LjdGBQ[CERT, OBJ01-J.] - Limit accessibility of fields
* https://wiki.sei.cmu.edu/confluence/x/VzZGBQ[CERT, OBJ13-J.] - Ensure that references to mutable objects are not exposed

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::message.adoc[]

'''
== Comments And Links
(visible only on this page)

include::comments-and-links.adoc[]

endif::env-github,rspecator-view[]
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Why is this an issue?`

Fix the double-plus ++ handling in the inline-code 2021-01-27 16:55:38 +01:00			Public arrays, even ones declared ``++static final++`` can have their contents edited by malicious programs. The ``++final++`` keyword on an array declaration means that the array object itself may only be assigned once, but its contents are still mutable. Therefore making arrays ``++public++`` is a security risk.
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00
Force linebreaks 2021-02-02 15:02:10 +01:00
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00			`Instead, arrays should be private and accessed through methods.`


migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Noncompliant code example`
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,text]`
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00			`----`
			`public class Estate {`
			`// Noncompliant; array contents can be modified`
			`public static final String [] HEIRS = new String [] {`
			`"Betty", "Suzy" };`
			`}`

			`public class Malicious {`
			`public void changeWill() {`
			`Estate.HEIRS[0] = "Biff";`
			`if (Estate.HEIRS.length > 1) {`
			`for (int i = 1; i < Estate.HEIRS.length; i++) {`
			`Estate.HEIRS[i] = "";`
			`}`
			`}`
			`}`
			`----`


migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Compliant solution`
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,text]`
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00			`----`
			`public class Estate {`
			`private static final String [] HEIRS = new String [] {`
			`"Betty", "Suzy" };`

			`public String [] getHeirs() {`
			`// return copy of HEIRS`
			`}`
			`}`

			`----`


migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Resources`
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00
RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926) * Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files 2022-04-07 08:53:59 -05:00			`* https://cwe.mitre.org/data/definitions/582[MITRE, CWE-582] - Array Declared Public, Final, and Static`
			`* https://cwe.mitre.org/data/definitions/607[MITRE, CWE-607] - Public Static Final Field References Mutable Object`
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00			`* https://wiki.sei.cmu.edu/confluence/x/LjdGBQ[CERT, OBJ01-J.] - Limit accessibility of fields`
			`* https://wiki.sei.cmu.edu/confluence/x/VzZGBQ[CERT, OBJ13-J.] - Ensure that references to mutable objects are not exposed`

Add missing asciidoc includes 2022-01-25 18:36:46 +01:00			`ifdef::env-github,rspecator-view[]`

			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

			`include::message.adoc[]`

			`'''`
			`== Comments And Links`
			`(visible only on this page)`

			`include::comments-and-links.adoc[]`

			`endif::env-github,rspecator-view[]`