SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 40

changes.mady.by.user Robert Schiela

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM cost reform

...

This noncompliant code example complies with OBJ01-J. Limit accessibility of fields by declaring the array private. But, in declaring the array private, this code example violates OBJ05-J. Do not return references to private mutable class members.

Suppose that SomeType is immutable.

...

Having a public static final array is a potential security risk because the array elements may be modified by a client.

Rule

Severity

Likelihood

Detectable

Remediation CostRepairable

Priority

Level

OBJ13-J

Medium

Likely

Yes

NoLow

P18P12

L1

Automated Detection

ToolVersionCheckerDescription
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CERT.OBJ13.RMOAvoid referencing mutable fields
SonarQube
Include Page
SonarQube_V
SonarQube_V

S2386

S2384

Mutable fields should not be "public static"

Mutable members should not be stored or returned directly

SpotBugs

Include Page
SpotBugs_V
SpotBugs_V

MS_EXPOSE_REP
EI_EXPOSE_REP
EI_EXPOSE_STATIC_REP2
EI_EXPOSE_STATIC_REP2

Implemented (since 4.3.0)

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

...