CWE-500
Public Static Field Not Marked Final. [Improper-Control-Of-A-Resource-Through-Its-Lifetime]
Required inputs: IR
Background Details Demonstrative Examples
Example 1
The following examples use a public static String variable to hold the name of a property/configuration file for the application.
Example Language:C++
class SomeAppClass {
public:
static string appPropertiesConfigFile = "app/properties.config";
...
}
Example Language:Java (Unsupported language for documentation only)
public class SomeAppClass {
public static String appPropertiesFile = "app/Application.properties";
...
}
A public static variable that is not marked final (constant) may be altered in a way not intended by the application. In this example the String variable can be modified to point to a different or nonexistent properties file, which could cause the application to crash or behave unexpectedly.
Example Language:C++
class SomeAppClass {
public:
static const string appPropertiesConfigFile = "app/properties.config";
...
}
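The C++ before/after pair above as a compilable program, added here as an illustration (it is not part of the CWE excerpt or of the rule's own documentation). `LegacyAppClass`, `unrelatedComponentInit`, the `fallbackConfigFile` field and the `fallback`/`missing` paths are hypothetical; the `const char*` field shows a C++ language point, that a pointer to const data remains reassignable unless the pointer itself is also const.

```cpp
#include <iostream>
#include <string>
#include <type_traits>

// "Before" shape from the page: any code in the program may reassign the fields.
class LegacyAppClass {                       // hypothetical name for the non-const variant
public:
    static std::string appPropertiesConfigFile;
    static const char* fallbackConfigFile;   // hypothetical field: const data, mutable pointer
    static std::string configPathToLoad() { return appPropertiesConfigFile; }
};
std::string LegacyAppClass::appPropertiesConfigFile = "app/properties.config";
const char* LegacyAppClass::fallbackConfigFile = "app/fallback.config";

// "After" shape: the fields themselves are const and defined once, out of class.
class SomeAppClass {
public:
    static const std::string appPropertiesConfigFile;
    static const char* const fallbackConfigFile;  // second const fixes the pointer too
    static std::string configPathToLoad() { return appPropertiesConfigFile; }
};
const std::string SomeAppClass::appPropertiesConfigFile = "app/properties.config";
const char* const SomeAppClass::fallbackConfigFile = "app/fallback.config";

// Hypothetical unrelated component that overwrites the shared state by mistake.
void unrelatedComponentInit() {
    LegacyAppClass::appPropertiesConfigFile = "missing/other.config";
    LegacyAppClass::fallbackConfigFile = "missing/other.config";
    // The same two assignments on SomeAppClass are rejected by the compiler.
}

// Compile-time proof of which fields accept assignment.
static_assert(std::is_assignable<decltype((LegacyAppClass::appPropertiesConfigFile)),
                                 std::string>::value, "non-const string is writable");
static_assert(std::is_assignable<decltype((LegacyAppClass::fallbackConfigFile)),
                                 const char*>::value, "pointer to const is still writable");
static_assert(!std::is_assignable<decltype((SomeAppClass::appPropertiesConfigFile)),
                                  std::string>::value, "const string is read-only");
static_assert(!std::is_assignable<decltype((SomeAppClass::fallbackConfigFile)),
                                  const char*>::value, "const pointer is read-only");

int main() {
    unrelatedComponentInit();
    std::cout << "legacy loads:   " << LegacyAppClass::configPathToLoad() << "\n";
    std::cout << "hardened loads: " << SomeAppClass::configPathToLoad() << "\n";
    return 0;
}
```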
Example Language:Java (Unsupported language for documentation only)
public class SomeAppClass {
public static final String appPropertiesFile = "app/Application.properties";
...
}
Excerpts from CWE [https://cwe.mitre.org], Copyright (C) 2006-2026, the MITRE Corporation. See section 9.4. "3rd-Party Licenses" in the documentation for full details.
Possible Messages
| Key | Text | Severity | Disabled |
|---|---|---|---|
| public_static_without_const | Public static fields must be const. | None | False |
Options
This rule shares the following common options: exclude_in_macros, exclude_messages_in_system_headers, excludes, extend_exclude_to_macro_invocations, includes, justification_checker, languages, post_processing, provider, report_at, severity
The following places define options that affect this rule: Stylechecks, Analysis-GlobalOptions
This rule has no individual options.