Proposed Rule Name:
StaticFieldMustBeFinal MutableStaticState
Proposed Category:
Security Design
Description:
Public and protected static fields must be made constants (or immutable references) by declaring them final.
https://rules.sonarsource.com/java/RSPEC-1444
'There is no good reason to declare a field "public" and "static" without also declaring it "final". Most of the time this is a kludge to share a state among several objects. But with this approach, any object can do whatever it wants with the shared state, such as setting it to null.'
https://www.oracle.com/java/technologies/javase/seccodeguide.html#6-9
Guideline 6-9 / MUTABLE-9: Make public static fields final
"Callers can trivially access and modify public non-final static fields. Neither accesses nor modifications can be guarded against, and newly set values cannot be validated. Fields with subclassable types may be set to objects with malicious implementations. Always declare public static fields as final.
....
Protected static fields suffer from the same problem as their public equivalents but also tend to indicate confused design."
Code Sample:
Noncompliant Code Example
public class Greeter { public static Foo foo = new Foo(); ... }
Compliant Solution
public class Greeter { public static final Foo FOO = new Foo(); ...
Possible Properties:
None
Possibly affected rules:
AssignmentToNonFinalStatic
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4