rspec/rules/S2385/rule.adoc
jtingsanchali 96d9ddb930
RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926)
* Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files
2022-04-07 08:53:59 -05:00


Mutable ``++static++`` members which are accessed directly, rather than through getters and setters, should be protected to the degree possible. That can be done by reducing visibility or making the field ``++final++`` if appropriate. Note that making a mutable field, such as an array, ``++final++`` keeps the variable from being reassigned but has no effect on the mutability of the array's internal state, so it does not accomplish the goal.

This rule checks that ``++static++`` arrays, ``++Collection++``s, ``++Date++``s, and ``++awt.Point++``s are not ``++public++`` in classes and enumerations.

== Noncompliant Code Example
[source,text]
----
import java.util.ArrayList;
import java.util.List;

public class A {
  public static String [] strings1 = {"first","second"};  // Noncompliant
  public static String [] strings2 = {"first","second"};  // Noncompliant
  public static List<String> strings3 = new ArrayList<>();  // Noncompliant
  // ...
}
----
== Compliant Solution
[source,text]
----
import java.util.ArrayList;
import java.util.List;

public class A {
  protected static final String [] strings1 = {"first","second"};  // access limited
  private static String [] strings2 = {"first","second"};  // made private with getter, setter
  private static List<String> strings3 = new ArrayList<>();

  // Return a copy so callers cannot modify the internal array
  public static String [] getStrings2() {
    return strings2.clone();
  }

  // Store a copy so later changes to the caller's array do not leak in
  public static void setStrings2(String [] strings) {
    strings2 = strings.clone();
  }
  // ...
}
----
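The following is an added example, not part of the rule's own text, showing why ``++final++`` alone does not protect a ``++public static++`` array and how copying at the accessor does. The class names (`StaticMutableDemo`, `Exposed`, `Guarded`), the field names and the sample values are hypothetical, and the read-only view for the list goes one step beyond the compliant solution above, which leaves its list without an accessor.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class StaticMutableDemo {

    // Hypothetical class: final blocks reassignment of the field only.
    static class Exposed {
        public static final String[] ROLES = {"user", "auditor"};
    }

    // Hypothetical hardened counterpart: private state, copies at the boundary.
    static class Guarded {
        private static final String[] ROLES = {"user", "auditor"};
        private static final List<String> HOSTS =
                new ArrayList<>(List.of("a.example")); // constructed sample value

        public static String[] getRoles() {
            return ROLES.clone(); // caller receives its own array
        }

        public static List<String> getHosts() {
            return Collections.unmodifiableList(HOSTS); // read-only view
        }
    }

    public static void main(String[] args) {
        // Any class that can see Exposed can overwrite an element of the final array.
        Exposed.ROLES[0] = "admin";
        System.out.println("Exposed.ROLES[0] = " + Exposed.ROLES[0]);

        // Writing to the returned copy leaves the private array untouched.
        String[] copy = Guarded.getRoles();
        copy[0] = "admin";
        System.out.println("Guarded.getRoles()[0] = " + Guarded.getRoles()[0]);

        // The unmodifiable view rejects the write instead of accepting it.
        try {
            Guarded.getHosts().add("b.example");
        } catch (UnsupportedOperationException e) {
            System.out.println("Guarded.getHosts() rejected add()");
        }
    }
}
```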
== See
* https://cwe.mitre.org/data/definitions/582[MITRE, CWE-582] - Array Declared Public, Final, and Static
* https://cwe.mitre.org/data/definitions/607[MITRE, CWE-607] - Public Static Final Field References Mutable Object
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::message.adoc[]
'''
== Comments And Links
(visible only on this page)
include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]