SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 109

changes.mady.by.user Todd Nowacki

Saved on

compared with

New Version 110

changes.mady.by.user Todd Nowacki

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
            Immutability helps to supporting security reasoning. It is safe to share immutable objects, without risk that the recipient can modify something that we are relying upon \[java:[Mettler 2010B|AA. Bibliography#Mettler 2010B]\].

Wiki Markup
Programmers could incorrectly expect that declaring a field or variable {{final}} makes the referenced object immutable. Declaring variables that have a primitive type to be {{final}} does prevent changes to their values after initialization (unless the unsupported {{sun.misc.Unsafe}} class is used). However, when the variable has a reference type, the presence of a {{final}} clause in the declaration only makes _the reference itself_ immutable. The {{final}} clause has no effect on the referenced object. Consequently, the fields of the referenced object can be mutable. For example, according to the _Java Language Specification_ \[java:[JLS 2005|AA. Bibliography#JLS 05]\], [§4.12.4|http://java.sun.com/docs/books/jls/third_edition/html/typesValues.html#4.12.4], "{{final}} Variables,"

...

Related Guidelines

MITRE CWE

CWE ID 607, "Public Static Final Field References Mutable Object"

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f34fdfe494f3f30a-8d8d9c98-47ba47e4-85ef8112-6dfd94bd65d16bdcc9e9add5"><ac:plain-text-body><![CDATA[

[java:[Bloch 2008

AA. Bibliography#Bloch 08]]

Item 13: Minimize the accessibility of classes and members

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a69c3c0eef043f1f-ddc07714-468a4e9f-a773a97f-297f866487a6f1aaf3545c55"><ac:plain-text-body><![CDATA[

[java:[Core Java 2004

AA. Bibliography#Core Java 04]]

Chapter 6

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="3f93b8a1750fdf63-29781fad-466b4ee6-9b0b9f4a-d4b920ec79986eddc3a67614"><ac:plain-text-body><![CDATA[

[java:[JLS 2005

AA. Bibliography#JLS 05]]

[§4.12.4 "final Variables"

http://java.sun.com/docs/books /jls/third_edition/html/typesValues.html#4.12.4] ]]></ac:plain-text-body></ac:structured-macro>

 

§6.6 "Access Control"

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="dbfca8b204387e55-926a2236-45674eff-9f35b575-61cdca8de1b305a359646073"><ac:plain-text-body><![CDATA[

[java:[Mettler 2010B

AA. Bibliography#Mettler 2010B]]

 

]]></ac:plain-text-body></ac:structured-macro>

...