Page History

...

Unauthorized modifications of public static variables can result in unexpected behavior and violation of class invariants. Furthermore, because static variables can be visible to code loaded by different class loaders when those class loaders are in the same delegation chain, such variables can be used as a covert communication channel between different application domains.

Rule	Severity	Likelihood	Detectable	RepairableRemediation Cost	Priority	Level
OBJ10-J	Medium	Probable	Yes	MediumNo	P8	L2

Automated Detection

FB.MALICIOUS_CODE.MS_SHOULD_BE_FINALSECURITYEABPBCUB

Tool Version Checker Description CodeSonar 4.2 FB.MALICIOUS_CODE.MS_SHOULD_BE_REFACTORED_TO_BE_FINAL Field isn't final but should be
Field isn't final but should be refactored to be so

Eclipse 1.0 Implemented. The serializable class .* does not declare a static final serialVersionUID field of type long

Coverity 7.5 FB.MS_SHOULD_BE_FINAL Implemented

Findbugs 1.0 MS_MUTABLE_ARRAY MS_SHOULD_BE_FINAL Implemented

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

SV.EXPOSE.FIELD
SV.STRUTS.STATIC

Parasoft Jtest

Include Page

	Parasoft_V
	Parasoft_V

CERT.

OBJ10.SPFF

CERT.

OBJ10.RMO

Inspect 'static' fields which may have intended to be declared 'static final'
Avoid referencing mutable fields

SonarQube

Include Page

	SonarQube_V
	SonarQube_V

S1444

"public static" fields should be constant

SpotBugs

Include Page

	SpotBugs_V
	SpotBugs_V

MS_SHOULD_BE_FINAL

Implemented

Related Guidelines

MITRE CWE	CWE-493, Critical Public Variable without Final Modifier CWE-500, Public Static Field Not Marked Final
Secure Coding Guidelines for Java SE, Version 5.0	Guideline 6-10 / MUTABLE-10: Ensure public static final field values are constants

...

Space shortcuts

Page tree

Versions Compared

Old Version 154

New Version Current

Key

Automated Detection

Related Guidelines