Page History

...

Unauthorized modifications of public static variables can result in unexpected behavior and violation of class invariants. Furthermore, because static variables can be visible to code loaded by different class loaders when those class loaders are in the same delegation chain, such variables can be used as a covert communication channel between different application domains.

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
OBJ10-J	Medium	Probable	Medium	P8	L2

Automated Detection

Tool	Version	Checker	Description
CodeSonar	4.2	FB.MALICIOUS_CODE.MS_SHOULD_BE_FINAL FB.MALICIOUS_CODE.MS_SHOULD_BE_REFACTORED_TO_BE_FINAL	Field isn't final but should be Field isn't final but should be refactored to be so
Eclipse	1.0

Implemented. The serializable class .* does not declare a static final serialVersionUID field of type long

Coverity 7.5 FB.MS_SHOULD_BE_FINAL Implemented

Findbugs 1.0 MS_MUTABLE_ARRAY MS_SHOULD_BE_FINAL Implemented

Parasoft Jtest

Include Page

	Parasoft_V
	Parasoft_V

SECURITY.EAB.SPFF

SonarQube

Include Page

	SonarQube_V
	SonarQube_V

S1444

"public static" fields should be constant

Related Guidelines

MITRE CWE	CWE-493, Critical Public Variable without Final Modifier CWE-500, Public Static Field Not Marked Final
Secure Coding Guidelines for Java SE, Version 5.0	Guideline 6-10 / MUTABLE-10: Ensure public static final field values are constants

Bibliography

[FT 2008]	"Function Table" "Class Function Table"
[Gong 2003]	Section 9.3, "Static Fields"
[Nisewanger 2007]	Antipattern 5, Misusing Public Static Variables
[Sterbenz 2006]	Antipattern 5, Misusing Public Static Variables

...

Field isn't final but should be refactored to be so

Space shortcuts

Page tree

Versions Compared

Old Version 152

New Version 153

Key

Automated Detection

Related Guidelines

Bibliography