CWE-495

Private Data Structure Returned From A Public Method

AI Translation Available

The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways.

Status

draft

Abstraction

variant

Affected Platforms

C C# C++ Java Object-Oriented

Technical Details

AI Translation

Common Consequences

integrity

Impacts

modify application data

Detection Methods

automated static analysis

Potential Mitigations

Phases:

implementation

Descriptions:

• Clone the member data and keep an unmodified version of the data private to the object.

• Declare the method private.

• Use public setter methods that govern how a private member can be modified.

AI Generated Translation

Common Consequences

integrità

Impacts

modificare dati applicazione

Detection Methods

analisi statica automatizzata

Potential Mitigations

Phases:

implementazione

Descriptions:

• Clona i dati del membro e conserva una versione non modificata dei dati privata all'oggetto.

• Dichiara il metodo come private.

• Utilizza metodi setter pubblici che regolano come un membro privato può essere modificato.

CWE-495

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Iscriviti alla newsletter