CWE

Public Static Final Field References Mutable Object

ID: 607
Date: (C)2012-05-14 (M)2012-11-08
Type: weakness
Status: DRAFT
Abstraction Type: Variant





Description

A public or protected static final field references a mutable object, which allows the object to be changed by malicious code, or accidentally from another package.

Applicable Platforms
Language: Java

Time Of Introduction

  • Implementation

Common Consequences

Scope: Integrity
Technical Impact: Modify application data

Detection Methods
None

Potential Mitigations

Phase: Implementation
Description: Protect mutable objects by making them private. Restrict access to the getter and setter as well.

Relationships

Related CWE: CWE-607 ChildOf CWE-895
Type: Category
View: CWE-888

Demonstrative Examples

  1. Here, an array (which is inherently mutable) is labeled public static final.
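
The pattern described in this entry, shown as an added example that is not the CWE entry's own code: a public static final array beside a hardened form that follows the mitigation above. The class and field names are hypothetical, and `List.of` assumes Java 9 or later.

```java
import java.util.List;

// Added illustration; all class and field names are hypothetical.
public class Cwe607Demo {

    // Weak form: `final` fixes the reference, not the array's elements.
    static class WeakPolicy {
        public static final String[] ALLOWED_ROLES = { "viewer", "editor" };

        static boolean isAllowed(String role) {
            for (String r : ALLOWED_ROLES) {
                if (r.equals(role)) return true;
            }
            return false;
        }
    }

    // Hardened form: the array is private; callers only ever receive
    // an immutable list or a defensive copy.
    static class HardenedPolicy {
        private static final String[] ALLOWED_ROLES = { "viewer", "editor" };
        public static final List<String> ALLOWED_ROLE_LIST = List.of(ALLOWED_ROLES);

        public static String[] allowedRoles() {
            return ALLOWED_ROLES.clone(); // caller gets its own copy
        }

        static boolean isAllowed(String role) {
            return ALLOWED_ROLE_LIST.contains(role);
        }
    }

    public static void main(String[] args) {
        // Any code that can see the field can overwrite an element.
        WeakPolicy.ALLOWED_ROLES[0] = "admin";
        System.out.println("weak policy allows admin: " + WeakPolicy.isAllowed("admin"));

        // Writing to the returned copy leaves the private array untouched.
        HardenedPolicy.allowedRoles()[0] = "admin";
        System.out.println("hardened policy allows admin: " + HardenedPolicy.isAllowed("admin"));

        // The immutable list rejects writes outright.
        try {
            HardenedPolicy.ALLOWED_ROLE_LIST.set(0, "admin");
        } catch (UnsupportedOperationException e) {
            System.out.println("immutable list rejected the write");
        }
    }
}
```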

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

Taxonomy: Anonymous Tool Vendor (under NDA)

References:
None

© SecPod Technologies