CWE-582: Array Declared Public, Final, and Static
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product declares an array public, final, and static, which is not sufficient to prevent the array's contents from being modified.
扩展描述
Because arrays are mutable objects, the final constraint requires that the array object itself be assigned only once, but makes no guarantees about the values of the array elements. Since the array is public, a malicious program can change the values stored in the array. As such, in most cases an array declared public, final and static is a bug.
常见后果
影响范围: Integrity
技术影响: Modify Application Data
潜在缓解措施
阶段: Implementation
描述: In most situations the array should be made private.
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
适用平台
编程语言
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| The CERT Oracle Secure Coding Standard for Java (2011) | OBJ10-J | Do not use public static nonfinal variables | - |
| Software Fault Patterns | SFP28 | Unexpected Access Points | - |