...
An alternative approach is to have a private array from which a public immutable list is constructed:
```java
private static final SomeType[] THE_THINGS = { ... };
public static final List<SomeType> SOMETHINGS =
  Collections.unmodifiableList(Arrays.asList(THE_THINGS));
```
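The following added example (not part of the original guideline) contrasts a public static final array with the private-array and unmodifiable-list approach shown above. It also shows that the list is a view of the private array, not a copy. The class name, field names, and `String` element type are hypothetical.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Hypothetical demo class; all names and values are constructed for illustration.
public class ArrayExposureDemo {
    // Noncompliant: the reference is final, but the elements are not.
    public static final String[] ROLES_ARRAY = { "admin", "auditor" };

    // Approach from the text: private array, public unmodifiable list.
    private static final String[] THE_ROLES = { "admin", "auditor" };
    public static final List<String> ROLES =
        Collections.unmodifiableList(Arrays.asList(THE_ROLES));

    public static void main(String[] args) {
        // Any client can overwrite an element of the public array.
        ROLES_ARRAY[0] = "guest";
        System.out.println("public array after client write: "
            + Arrays.toString(ROLES_ARRAY));

        // The same write through the list is rejected.
        try {
            ROLES.set(0, "guest");
        } catch (UnsupportedOperationException e) {
            System.out.println("list write rejected: " + ROLES);
        }

        // Caveat: the list is a view of THE_ROLES, so a write made inside
        // the class is visible to every holder of ROLES.
        THE_ROLES[1] = "changed-internally";
        System.out.println("list after internal array write: " + ROLES);
    }
}
```

The private array must therefore never be written to after initialization, or handed to code outside the class, if clients are to treat the list as constant.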
...
Having a public static final array is a potential security risk because the array elements may be modified by a client.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
SEC37-J | Medium | Likely | Low | P18 | L1 |
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
References
...
[Bloch 2008] | Item 13, "Minimize the Accessibility of Classes and Members" |
[JLS 2015] | §6.6, "Access Control" |
...