ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S1444/java/rule.adoc
Egon Okerman d1417e82f8
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529) 
* Fix all CWE references

* Fix all OWASP references

* Fix missing CWE prefixes
2024-01-15 17:15:56 +01:00

45 lines
1.0 KiB
Plaintext
Raw Blame History

== Why is this an issue?
There is no good reason to declare a field "public" and "static" without also declaring it "final". Most of the time this is a kludge to share a state among several objects. But with this approach, any object can do whatever it wants with the shared state, such as setting it to ``++null++``.
=== Noncompliant code example
[source,java]
----
public class Greeter {
public static Foo foo = new Foo();
...
}
----
=== Compliant solution
[source,java]
----
public class Greeter {
public static final Foo FOO = new Foo();
...
}
----
== Resources
* CWE - https://cwe.mitre.org/data/definitions/500[CWE-500 - Public Static Field Not Marked Final]
* https://wiki.sei.cmu.edu/confluence/x/WjdGBQ[CERT OBJ10-J.] - Do not use public static nonfinal fields
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
'''
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink