Critical Public Variable Without Final Modifier
Weakness ID: 493 (Weakness Variant) | Status: Draft
Description Summary
Extended Description
If a field is non-final and public, it can be changed once the value is set by any function that has access to the class which contains the field. This could lead to a vulnerability if other parts of the program make assumptions about the contents of that field.
Common Consequences

Scope | Effect
---|---
Integrity | The object could potentially be tampered with.
Confidentiality | The contents of the object could potentially be read.
Demonstrative Examples

Example 1
Suppose this WidgetData class is used for an e-commerce web site. The programmer attempts to prevent price-tampering attacks by setting the price of the widget in the constructor.
The price field is not final. Even though the value is set by the constructor, it can be modified by any code that has access to an instance of WidgetData.
Example 2
Assume the following code is intended to provide the location of a configuration file that controls execution of the application.
While this field is readable from any function, and thus might leak a pathname, the more serious problem is that it can also be changed by any function.
Potential Mitigations

Phase: Implementation
Declare all public fields as final when possible, especially if they are used to maintain the internal state of an Applet or of classes used by an Applet. If a field must be public, then perform all appropriate sanity checks before accessing the field from your code.
Background Details

Mobile code, such as a Java Applet, is code that is transmitted across a network and executed on a remote machine. Because mobile code developers have little if any control of the environment in which their code will execute, special security concerns become relevant. One of the biggest environmental threats results from the risk that the mobile code will run side-by-side with other, potentially malicious, mobile code. Because all of the popular web browsers execute code from multiple sources together in the same JVM, many of the security guidelines for mobile code are focused on preventing manipulation of your objects' state and behavior by adversaries who have access to the same virtual machine where your program is running.
Other Notes

Declaring a field final provides security by preventing it from being reassigned after it is set; it does not make a mutable object immutable. A class can only be declared final if nothing needs to extend it.
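The WidgetData scenario from Example 1, shown as an added example (not the CWE entry's own demonstrative code): the public non-final field beside a hardened version, plus the caveat from the notes above that final only prevents reassignment of the reference, so a final field holding a mutable object still needs a defensive copy. Class and field names other than WidgetData are assumptions.

```java
import java.math.BigDecimal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Weak shape (CWE-493): the field is public and not final, so any code holding
// a reference can overwrite the price after the constructor has set it.
class WidgetDataVulnerable {
    public BigDecimal price;
    public WidgetDataVulnerable(BigDecimal price) { this.price = price; }
}

// Hardened shape: price is set once in the constructor and cannot be reassigned;
// the class is final so no subclass can add a path that changes the state.
final class WidgetData {
    private final BigDecimal price;   // BigDecimal is itself immutable
    private final List<String> tags;  // the reference is final, but a List is mutable
    WidgetData(BigDecimal price, List<String> tags) {
        if (price.signum() < 0) throw new IllegalArgumentException("negative price");
        this.price = price;
        // Defensive copy wrapped as unmodifiable: the caller's list and later
        // getter callers cannot change the widget's tags.
        this.tags = Collections.unmodifiableList(new ArrayList<>(tags));
    }
    BigDecimal getPrice() { return price; }
    List<String> getTags() { return tags; }
}

public class Cwe493Demo {
    public static void main(String[] args) {
        WidgetDataVulnerable v = new WidgetDataVulnerable(new BigDecimal("19.99"));
        v.price = BigDecimal.ZERO; // compiles and silently defeats the constructor's intent
        System.out.println("vulnerable price is now: " + v.price);

        List<String> callerTags = new ArrayList<>(List.of("sale"));
        WidgetData w = new WidgetData(new BigDecimal("19.99"), callerTags);
        // w.price = BigDecimal.ZERO;   // does not compile: private and final
        callerTags.add("free");         // caller changes its own list after construction
        System.out.println("hardened tags unaffected: " + w.getTags()); // prints [sale]
        try {
            w.getTags().add("free");    // the unmodifiable view rejects mutation
        } catch (UnsupportedOperationException e) {
            System.out.println("tags cannot be changed through the getter");
        }
    }
}
```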
Relationships

Nature | Type | ID | Name | View(s) this relationship pertains to
---|---|---|---|---
ChildOf | Weakness Class | 216 | Containment Errors (Container Errors) | Research Concepts (1000)
ChildOf | Weakness Class | 485 | Insufficient Encapsulation | Seven Pernicious Kingdoms (primary) (700)
ChildOf | Category | 490 | Mobile Code Issues | Development Concepts (primary) (699)
ChildOf | Weakness Class | 668 | Exposure of Resource to Wrong Sphere | Research Concepts (primary) (1000)
ParentOf | Weakness Variant | 500 | Public Static Field Not Marked Final | Development Concepts (primary) (699); Research Concepts (primary) (1000)
Taxonomy Mappings

Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
---|---|---|---
7 Pernicious Kingdoms | | | Mobile Code: Non-Final Public Field
CLASP | | | Failure to provide confidentiality for stored data
Submissions

Submission Date | Submitter | Organization | Source
---|---|---|---
 | 7 Pernicious Kingdoms | | Externally Mined

Modifications

Modification Date | Modifier | Organization | Source | Changes
---|---|---|---|---
2008-07-01 | Eric Dalci | Cigital | External | updated Time of Introduction
2008-09-08 | CWE Content Team | MITRE | Internal | updated Applicable Platforms, Common Consequences, Description, Likelihood of Exploit, Relationships, Other Notes, Taxonomy Mappings
2008-11-24 | CWE Content Team | MITRE | Internal | updated Background Details, Demonstrative Examples, Description, Other Notes, Potential Mitigations
2009-05-27 | CWE Content Team | MITRE | Internal | updated Background Details, Demonstrative Examples, Description, Relationships

Previous Entry Names

Change Date | Previous Entry Name
---|---
2008-04-11 | Mobile Code: Non-final Public Field