...
Failing to limit field accessibility can defeat encapsulation, allow attackers to manipulate fields to violate class invariants, or allow these fields to be corrupted as the result of concurrent accesses from multiple threads.
Rule | Severity | Likelihood | Detectable | RepairableRemediation Cost | Priority | Level |
|---|---|---|---|---|---|---|
OBJ01-J | Medium | Likely | No | MediumNo | P12P6 | L1L2 |
Automated Detection
Detection of public and protected fields is trivial; heuristic detection of the presence or absence of accessor methods is straightforward. However, simply reporting all detected cases without suppressing those cases covered by the exceptions to this rule would produce excessive false positives. Sound detection and application of the exceptions to this rule is infeasible; however, heuristic techniques may be useful.
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Klocwork |
| SV.EXPOSE.MUTABLEFIELD SV.EXPOSE.FIELD SV.EXPOSE.IFIELD SV.STRUTS.PRIVATE SV.STRUTS.STATIC |
| ||||||
| SonarQube |
| S2386 | Mutable fields should not be "public static" Implemented for public static array, Collection, Date, and awt.Point members. |
...