CWE-500
Public Static Field Not Marked Final
An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways.
Status
draft
Abstraction
variant
Likelihood
high
Affected Platforms
C++
Java
Extended Description
Public static variables can be read without an accessor and changed without a mutator by any class in the application.
Common Consequences
integrity
confidentiality
Impacts
modify application data
read application data
Detection Methods
automated static analysis
Potential Mitigations
Phases:
architecture and design
implementation
Descriptions:
• Clearly identify the scope for all critical data elements, including whether they should be regarded as static.
• Make any static fields private and constant. A constant field is denoted by the keyword 'const' in C/C++ and 'final' in Java.
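The weakness and the second mitigation side by side, as an added Java example that is not part of the CWE entry. All class and field names (PricingWeak, PricingFixed, UnrelatedModule, taxRate) are hypothetical.

```java
import java.math.BigDecimal;

public class StaticFieldDemo {

    // Weak form: public static and not final, so any class can reassign it.
    static class PricingWeak {
        public static BigDecimal taxRate = new BigDecimal("0.20");

        static BigDecimal total(BigDecimal net) {
            return net.add(net.multiply(taxRate));
        }
    }

    // Corrected form: private and final, exposed only through a read accessor.
    // BigDecimal is immutable, so callers cannot alter the value via the accessor.
    static final class PricingFixed {
        private static final BigDecimal TAX_RATE = new BigDecimal("0.20");

        private PricingFixed() {}

        static BigDecimal taxRate() { return TAX_RATE; }

        static BigDecimal total(BigDecimal net) {
            return net.add(net.multiply(TAX_RATE));
        }
    }

    // Stands in for unrelated code elsewhere in the application.
    static class UnrelatedModule {
        static void run() {
            // Compiles and silently changes every later PricingWeak.total() result.
            PricingWeak.taxRate = BigDecimal.ZERO;
            // The equivalent write is rejected by the compiler because the field is final:
            // PricingFixed.TAX_RATE = BigDecimal.ZERO;
        }
    }

    public static void main(String[] args) {
        BigDecimal net = new BigDecimal("100.00");
        System.out.println("weak,  before: " + PricingWeak.total(net));
        System.out.println("fixed, before: " + PricingFixed.total(net));
        UnrelatedModule.run();
        System.out.println("weak,  after:  " + PricingWeak.total(net));
        System.out.println("fixed, after:  " + PricingFixed.total(net));
    }
}
```

Note that final fixes only the reference: a final static field holding a mutable object such as an array or collection can still have its contents changed, so the field type should be immutable as well.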