rspec/rules/S1873/rule.adoc

== Why is this an issue?

Public arrays, even ones declared ``++static final++`` can have their contents edited by malicious programs. The ``++final++`` keyword on an array declaration means that the array object itself may only be assigned once, but its contents are still mutable. Therefore making arrays ``++public++`` is a security risk.


Instead, arrays should be private and accessed through methods.


=== Noncompliant code example

[source,text]
----
public class Estate {
  // Noncompliant; array contents can be modified
  public static final String [] HEIRS = new String [] { 
    "Betty", "Suzy" };
}

public class Malicious {
  public void changeWill() {
    Estate.HEIRS[0] = "Biff";
    if (Estate.HEIRS.length > 1) {
      for (int i = 1; i < Estate.HEIRS.length; i++) {
        Estate.HEIRS[i] = "";
      }
  }
}
----


=== Compliant solution

[source,text]
----
public class Estate {
  private static final String [] HEIRS = new String [] { 
    "Betty", "Suzy" };

  public String [] getHeirs() {
    // return copy of HEIRS
  }
}

----


== Resources

* CWE - https://cwe.mitre.org/data/definitions/582[CWE-582 - Array Declared Public, Final, and Static]
* CWE - https://cwe.mitre.org/data/definitions/607[CWE-607 - Public Static Final Field References Mutable Object]
* https://wiki.sei.cmu.edu/confluence/x/LjdGBQ[CERT, OBJ01-J.] - Limit accessibility of fields
* https://wiki.sei.cmu.edu/confluence/x/VzZGBQ[CERT, OBJ13-J.] - Ensure that references to mutable objects are not exposed

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Make this array "private".


'''
== Comments And Links
(visible only on this page)

=== on 30 Jul 2014, 21:24:47 Freddy Mallet wrote:
FYI [~ann.campbell.2], I've just added the two tags "security" and "cwe"


endif::env-github,rspecator-view[]