...
| Code Block | ||
|---|---|---|
| ||
private static final String[] items = { ... };
public static final List<String> itemsList =
Collections.unmodifiableList(Arrays.asList(items));
|
Wiki Markup public}} list can be modified by a client. For more details about unmodifiable wrappers, refer to \[void SEC14-J. Provide sensitive mutable classes with unmodifiable wrappers\]. This solution still applies if the array contains mutable items instead of {{String}}.
Risk Assessment
Incorrectly assuming that final references cause the contents of the referenced object to remain mutable can result in an attacker modifying an object thought by the programmer to be immutable.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8f6e3ad695ce2a42-1e2fa49d-4fca4f78-8c64aefe-b2bdc4ab82df71f50a3f1bf5"><ac:plain-text-body><![CDATA[ | [[Bloch 2008 | AA. References#Bloch 08]] | Item 13: Minimize the accessibility of classes and members | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="98bd34fdd11f523c-65454290-41144103-9e1a80b9-3b4c0d10edb45886d8682803"><ac:plain-text-body><![CDATA[ | [[Core Java 2004 | AA. References#Core Java 04]] | Chapter 6 | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b583defc56a59332-d00a77a9-40104cb7-8a9abfbb-3fcb30508a36ccddd7cec51d"><ac:plain-text-body><![CDATA[ | [[JLS 2005 | AA. References#JLS 05]] | [§4.12.4 "final Variables" | http://java.sun.com/docs/books /jls/third_edition/html/typesValues.html#4.12.4] ]]></ac:plain-text-body></ac:structured-macro> |
| ||||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e098629afc10a0b2-1d285b9c-4a204ce8-bb5cb34d-e97a516641caa6b9deaa8f03"><ac:plain-text-body><![CDATA[ | [[Mettler 2010B | AA. References#Mettler 2010B]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
...