
Public Static Final Field References Mutable Object

ID: 607
Date: (C)2012-05-14   (M)2012-11-08
Type: weakness
Status: DRAFT
Abstraction Type: Variant





Description

A public or protected static final field references a mutable object, which allows the object to be changed by malicious code, or accidentally from another package.

Applicable Platforms
Language: Java

Time Of Introduction

  • Implementation

Common Consequences

Scope: Integrity
Technical Impact: Modify application data

Detection Methods
None

Potential Mitigations

Phase: Implementation
Description: Protect mutable objects by making them private. Restrict access to the getter and setter as well.

Relationships

Related CWE: CWE-607 ChildOf CWE-895
Type: Category
View: CWE-888

Demonstrative Examples

  1. Here, an array (which is inherently mutable) is labeled public static final.
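
The case described above, next to the mitigation listed under Potential Mitigations, as an added illustration that is not the example from the original CWE entry. The class names WeakConfig and SafeConfig, the field ADMIN_ROLES and its values are constructed for this sketch; List.of assumes Java 9 or later.

```java
import java.util.List;

public class Cwe607Demo {
    // Weak: 'final' fixes only the reference. The array elements stay
    // writable by any class that can see the field.
    static class WeakConfig {
        public static final String[] ADMIN_ROLES = {"admin", "auditor"};
    }

    // Hardened: the array is private. Callers receive a defensive copy
    // or an immutable view, never the backing array itself.
    static class SafeConfig {
        private static final String[] ADMIN_ROLES = {"admin", "auditor"};

        // List.of copies the elements into an unmodifiable list.
        public static final List<String> ADMIN_ROLE_LIST = List.of(ADMIN_ROLES);

        public static String[] adminRoles() {
            return ADMIN_ROLES.clone();
        }

        public static boolean isAdminRole(String role) {
            for (String r : ADMIN_ROLES) {
                if (r.equals(role)) return true;
            }
            return false;
        }
    }

    public static void main(String[] args) {
        // Any caller can rewrite the shared "constant" in place.
        WeakConfig.ADMIN_ROLES[1] = "guest";
        System.out.println("weak:   " + String.join(",", WeakConfig.ADMIN_ROLES));

        // Writing to the returned copy leaves the private array unchanged.
        String[] copy = SafeConfig.adminRoles();
        copy[1] = "guest";
        System.out.println("guest is admin role? " + SafeConfig.isAdminRole("guest"));

        // The immutable view rejects writes outright.
        try {
            SafeConfig.ADMIN_ROLE_LIST.set(1, "guest");
        } catch (UnsupportedOperationException e) {
            System.out.println("immutable list rejected the write");
        }
    }
}
```

The same review applies to public static final collections, Date objects and other mutable types, not only arrays.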

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

Taxonomy: Anonymous Tool Vendor (under NDA)

References:
None

© 2013 SecPod Technologies