CWE-496: Public Data Assigned to Private Array-Typed Field

Export to Word

Description

Assigning public data to a private array is equivalent to giving public access to the array.

Extended Description

N/A

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

Observed Examples (CVEs)

No observed examples available.

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Implementation	N/A

Common Consequences

Impact: Modify Application Data — Notes: The contents of the array can be modified from outside the intended scope.

Potential Mitigations

Implementation: Do not allow objects to modify private members of a class. (N/A)

Applicable Platforms

C (N/A, Undetermined)
C++ (N/A, Undetermined)
Java (N/A, Undetermined)
C# (N/A, Undetermined)

Demonstrative Examples

Intro: In the example below, the setRoles() method assigns a publically-controllable array to a private field, thus allowing the caller to modify the private array directly by virtue of the fact that arrays in Java are mutable.

private String[] userRoles; public void setUserRoles(String[] userRoles) { this.userRoles = userRoles; }

Notes

No notes available.

← Back to CWE list