CWE-582
Array Declared Public, Final, and Static
Description
The product declares an array public, final, and static, which is not sufficient to prevent the array's contents from being modified.
Because arrays are mutable objects, the final constraint requires that the array object itself be assigned only once, but makes no guarantees about the values of the array elements. Since the array is public, a malicious program can change the values stored in the array. As such, in most cases an array declared public, final and static is a bug.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Modify Application Data
Potential Mitigations
In most situations the array should be made private.
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now