CWE-582: Array Declared Public, Final, and Static

Description

The product declares an array public, final, and static, which is not sufficient to prevent the array's contents from being modified.

Submission Date :

Dec. 15, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE

Extended Description

Because arrays are mutable objects, the final constraint requires that the array object itself be assigned only once, but makes no guarantees about the values of the array elements. Since the array is public, a malicious program can change the values stored in the array. As such, in most cases an array declared public, final and static is a bug.

Example Vulnerable Codes

Example - 1

The following Java Applet code mistakenly declares an array public, final and static.


public final static URL[] urls;...public final class urlTool extends Applet {}

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-668: Exposure of Resource to Wrong Sphere

Go to

Visit http://cwe.mitre.org/ for more details.