...
Unauthorized modifications of public static variables can result in unexpected behavior and violation of class invariants. Furthermore, because static variables can be visible to code loaded by different class loaders when those class loaders are in the same delegation chain, such variables can be used as a covert communication channel between different application domains.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
OBJ10-J | Medium | Probable | Medium | P8 | L2 |
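The invariant violation described above, next to a hardened form, as an added example that is not code from the original page. The class names `WeakPolicy` and `StrictPolicy` and their fields are hypothetical; the sketch covers both the reassignable field and the mutable array behind a `final` reference.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class StaticFieldDemo {

    // Noncompliant (hypothetical class): the int can be reassigned by any caller,
    // and the array contents can be overwritten even though the reference is final.
    static class WeakPolicy {
        public static int maxLoginAttempts = 3;
        public static final String[] ALLOWED_ROLES = {"user", "auditor"};

        static boolean isAllowed(String role) {
            return Arrays.asList(ALLOWED_ROLES).contains(role);
        }
    }

    // Hardened (hypothetical class): the primitive is a true constant, and the
    // role list is private, final, and exposed only through an unmodifiable view.
    static class StrictPolicy {
        public static final int MAX_LOGIN_ATTEMPTS = 3;
        private static final List<String> ALLOWED_ROLES =
                Collections.unmodifiableList(Arrays.asList("user", "auditor"));

        static List<String> allowedRoles() { return ALLOWED_ROLES; }
        static boolean isAllowed(String role) { return ALLOWED_ROLES.contains(role); }
    }

    public static void main(String[] args) {
        // Any other code in the same JVM can silently change the weak policy.
        WeakPolicy.maxLoginAttempts = Integer.MAX_VALUE;
        WeakPolicy.ALLOWED_ROLES[1] = "admin";
        System.out.println("weak limit now: " + WeakPolicy.maxLoginAttempts);
        System.out.println("weak admin allowed: " + WeakPolicy.isAllowed("admin"));

        // The same write against the hardened class is refused at run time;
        // reassigning MAX_LOGIN_ATTEMPTS would not even compile.
        try {
            StrictPolicy.allowedRoles().set(1, "admin");
        } catch (UnsupportedOperationException e) {
            System.out.println("strict role list rejected the write");
        }
        System.out.println("strict admin allowed: " + StrictPolicy.isAllowed("admin"));
    }
}
```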
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
CodeSonar | 4.2 | FB.MALICIOUS_CODE.MS_SHOULD_BE_FINAL; FB.MALICIOUS_CODE.MS_SHOULD_BE_REFACTORED_TO_BE_FINAL | Field isn't final but should be; Field isn't final but should be refactored to be so |
Eclipse | 1.0 | | Implemented. The serializable class .* does not declare a static final serialVersionUID field of type long |
Coverity | 7.5 | FB.MS_SHOULD_BE_FINAL | Implemented |
Findbugs | 1.0 | MS_MUTABLE_ARRAY; MS_SHOULD_BE_FINAL | Implemented |
Parasoft Jtest | | CERT.OBJ10.SPFF; CERT.OBJ10.RMO | Inspect 'static' fields which may have intended to be declared 'static final'; Avoid referencing mutable fields |
SonarQube | | S1444 | "public static" fields should be constant |
SpotBugs | | MS_SHOULD_BE_FINAL | Implemented |
Related Guidelines
CWE-493, Critical Public Variable without Final Modifier
Guideline 6-10 / MUTABLE-10: Ensure public static final field values are constants
...
...