Client code can trivially access public static fields. Neither reads nor writes to such fields are checked by a security manager. Furthermore, new values cannot be validated programmatically before they are stored in the field. Classes loaded by the same class loader can access each other's public static members. For example, consider Java applets [Sun 2008]:
> Normally, if two applets have the same codebase and archive parameters, they will be loaded by the same class loader instance. This behavior is required for backward compatibility and is relied on by several real-world applications. The result is that multiple applets on the same web page may access each others' static variables at the Java language level, effectively allowing the multiple applets to be written as though they comprised a single application.
>
> However, applets loaded by different class loader instances are completely isolated and cannot access each others' public static fields. Furthermore, code from any class can access public members of any class that was loaded by any class loader in the delegation chain of the current class's class loader. In the diagram below, for example, code in classes C4 and C5 can freely access public members of class C2, whereas neither class C2 nor class C4 can access public members of class C5.
In the presence of multiple threads, non-final public static fields can be modified in inconsistent ways. (For an example, see guideline TSM01-J. Do not let the `this` reference escape during object construction.)
...
Unauthorized modification of public static variables can result in unexpected behavior and violation of class invariants. Furthermore, because static variables are visible to code loaded by different class loaders when those class loaders are in the same delegation chain, such variables can in some cases be used as a covert communication channel between different application domains. For more information, see ???.
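The problem described above, shown as an added example that is not the guideline's own code: the public static field can be set to any value by any class in the same delegation chain, whereas the private field behind a validating accessor cannot. The example also covers the CWE-582 case listed below, where a `final` array reference does not protect the array's contents. Class and field names are illustrative assumptions.

```java
import java.util.Arrays;

// Added example, not the guideline's own code. Names are illustrative.
final class Limits {
    // Noncompliant: any class loaded in the same delegation chain can read or
    // write this field directly; no validation and no security check is possible.
    public static int limitNoncompliant = 100;

    // Compliant: the field is private and every access goes through accessors,
    // so new values are validated and concurrent updates are serialized.
    private static int limit = 100;

    public static synchronized int getLimit() {
        return limit;
    }

    public static synchronized void setLimit(int newLimit) {
        if (newLimit < 0 || newLimit > 1000) {
            throw new IllegalArgumentException("limit out of range: " + newLimit);
        }
        limit = newLimit;
    }

    // Noncompliant (CWE-582): final protects only the reference; callers can
    // still overwrite the elements of the shared array through it.
    public static final int[] TABLE_NONCOMPLIANT = {1, 2, 3};

    // Compliant: keep the array private and hand out a defensive copy.
    private static final int[] TABLE = {1, 2, 3};

    public static int[] getTable() {
        return Arrays.copyOf(TABLE, TABLE.length);
    }
}

public class Demo {
    public static void main(String[] args) {
        Limits.limitNoncompliant = -5;      // compiles and silently breaks the invariant
        try {
            Limits.setLimit(-5);            // rejected by the accessor
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        Limits.TABLE_NONCOMPLIANT[0] = 99;  // mutates the shared array
        Limits.getTable()[0] = 99;          // mutates only the caller's copy
        System.out.println("TABLE[0] via accessor is still " + Limits.getTable()[0]);
    }
}
```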
| Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| OBJ03-J | medium | probable | medium | P8 | L2 |
Related Guidelines

- [MITRE CWE](http://cwe.mitre.org/): [CWE-582](http://cwe.mitre.org/data/definitions/582.html), "Array Declared Public, Final, and Static"
- [MITRE CWE](http://cwe.mitre.org/): [CWE-493](http://cwe.mitre.org/data/definitions/493.html), "Critical Public Variable Without Final Modifier"
- [MITRE CWE](http://cwe.mitre.org/): [CWE-500](http://cwe.mitre.org/data/definitions/500.html), "Public Static Field Not Marked Final"
- [SCG 2007] Guideline 3.1, Treat public static fields as constants
...
