SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 118

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 119

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

Wiki MarkupImmutability helps to supporting security reasoning. It is safe to share immutable objects, without risk that the recipient can modify something that we are relying on \[ [Mettler 2010B|AA. References#Mettler 2010B]\].unmigrated-wiki-markup

Programmers could incorrectly expect that declaring a field or variable {{final}} makes the referenced object immutable. Declaring variables that have a primitive type to be {{final}} does prevent changes to their values after initialization (unless the unsupported {{sun.misc.Unsafe}} class is used). However, when the variable has a reference type, the presence of a {{final}} clause in the declaration only makes _the reference itself_ immutable. The {{final}} clause has no effect on the referenced object. Consequently, the fields of the referenced object can be mutable. For example, according to the _Java Language Specification_ \[ [JLS 2005|AA. References#JLS 05]\], [§4.12.4|http://java.sun.com/docs/books/jls/third_edition/html/typesValues.html#4], §4.12.4], "{{final}} Variables,"

If a final variable holds a reference to an array, then the components of the array may be changed by operations on the array, but the variable will always refer to the same array.

...

MITRE CWE

CWE ID 607, "Public Static Final Field References Mutable Object"

Bibliography

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e173e76c-0a2b-4e1b-8207-fa3ac4a41beb"><ac:plain-text-body><! [CDATA[ [[Bloch 2008AA. References#Bloch 08]]

Item 13: Minimize the accessibility of classes and members

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="53692656-c9f4-4fac-a75f-9aaf0f5b8eda"><ac:plain-text-body><![CDATA[

[ [Core Java 2004AA. References#Core Java 04] ]

Chapter 6 ]]></ac:plain-text-body></ac:structured-macro><ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="38bef1ce-5ad1-4e8f-9393-0b9899318e05"><ac:plain-text-body><!

[CDATA[ [[JLS 2005AA. References#JLS 05] ]

[§4.12.4 "final Variables"

http://java.sun.com/docs/books /jls/third_edition/html/typesValues.html#4.12.4] ]]></ac:plain-text-body></ac:structured-macro>

 

§6.6 "Access Control"<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="39c908ae-a7c1-4840-ba86-7628ee9bdf1b"><ac:plain-text-body><![CDATA[

[[Mettler 2010BAA. References#Mettler 2010B]]

 ]]></ac:plain-text-body></ac:structured-macro>

...

04. Object Orientation (OBJ)