Page History

...

In the presence of multiple threads, non-final public static fields can be modified in inconsistent ways. See rule TSM01-J. Do not let the this reference escape during object construction for an example.

Wiki MarkupImproper use of public static fields can also result in type-safety issues. For example, untrusted code can supply an unexpected subtype with malicious methods when the variable is defined to be of a more general type, such as {{java.lang.Object}} \[ [Gong 2003|AA. References#Gong 03]\]. As a result, classes must not contain nonfinal public static fields.

Noncompliant Code Example

Wiki MarkupThis noncompliant code example is adopted from JDK v1.4.2 \ [[FT 2008|AA. References#FT 08]\]. It declares a function table containing a public static field.

Code Block

bgColor	#FFCCCC

package org.apache.xpath.compiler;

public class FunctionTable {
  public static FuncLoader m_functions;
}

...

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
OBJ10-J	medium	probable	medium	P8	L2

Related Guidelines

MITRE CWE	CWE-493. Critical public variable without final modifier
	CWE-500. Public static field not marked final
Secure Coding Guidelines for the Java Programming Language, Version 3.0	Guideline 3-1. Treat public static fields as constants

Bibliography

...

[[FT 2008AA. References#FT 08]]
Function Table, Class Function Table
]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a70a398f-9b1d-4695-8600-0e4c3aed5609"><ac:plain-text-body><! [CDATA[ [[Gong 2003AA. References#Gong 03] ]
9.3, Static Fields
]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d59d8c97-a75c-4ac0-8813-6380c0d5f4b0"><ac:plain-text-body><![CDATA[
[ [Nisewanger 2007AA. References#Nisewanger 07]]
Antipattern 5, Misusing Public Static Variables
]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="28b7f9bf-21a9-43ba-86d6-831b1e31474e"><ac:plain-text-body><![CDATA[
[ [Sterbenz 2006AA. References#Sterbenz 06] ]
Antipattern 5, Misusing Public Static Variables ]]></ac:plain-text-body></ac:structured-macro>
...
04. Object Orientation (OBJ)

Space shortcuts

Page tree

Versions Compared

Old Version 134

New Version 135

Key

Noncompliant Code Example

Related Guidelines

Bibliography

[[FT 2008AA. References#FT 08]]	Function Table, Class Function Table
]]></ac:plain-text-body></ac:structured-macro>	<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a70a398f-9b1d-4695-8600-0e4c3aed5609"><ac:plain-text-body><! [CDATA[ [[Gong 2003AA. References#Gong 03] ]	9.3, Static Fields	]]></ac:plain-text-body></ac:structured-macro>	<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d59d8c97-a75c-4ac0-8813-6380c0d5f4b0"><ac:plain-text-body><![CDATA[
[ [Nisewanger 2007AA. References#Nisewanger 07]]	Antipattern 5, Misusing Public Static Variables	]]></ac:plain-text-body></ac:structured-macro>	<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="28b7f9bf-21a9-43ba-86d6-831b1e31474e"><ac:plain-text-body><![CDATA[
[ [Sterbenz 2006AA. References#Sterbenz 06] ]	Antipattern 5, Misusing Public Static Variables ]]></ac:plain-text-body></ac:structured-macro>