CWE-607: Public Static Final Field References Mutable Object
Learn about CWE-607 (Public Static Final Field References Mutable Object), its security impact, exploitation methods, and prevention guidelines.
What is Public Static Final Field References Mutable Object?
• Overview: This vulnerability occurs when a public or protected static final field in Java references a mutable object, allowing it to be modified by external code. This can lead to unintended changes or security breaches, as the object is accessible and mutable across the application.
• Exploitation Methods:
- Attackers can exploit this vulnerability by accessing the mutable object and altering its state, which may lead to unauthorized actions or data corruption.
- Common attack patterns include modifying configuration objects, altering security settings, or injecting malicious data through the mutable object.
• Security Impact:
- Direct consequences include unauthorized modification of application state, data corruption, or security configurations being bypassed.
- Potential cascading effects involve destabilizing application functionality, leading to broader security vulnerabilities or data integrity issues.
- Business impact might include damage to reputation, financial losses, and regulatory compliance violations due to data breaches or service disruptions.
• Prevention Guidelines:
- Specific code-level fixes include replacing mutable objects with immutable alternatives or using defensive copying to ensure the original object remains unchanged.
- Security best practices involve restricting access to mutable objects by using private fields and providing controlled access via methods that return copies.
- Recommended tools and frameworks include static analysis tools to detect instances of mutable public static final fields and libraries that offer immutable data structures.
Technical Details
Likelihood of Exploit: Not specified
Affected Languages: Java
Affected Technologies: Not specified
Vulnerable Code Example
Java Example
import java.util.ArrayList;
import java.util.List;
public class Config {
// Vulnerable: Public static final field references a mutable List object
public static final List<String> ALLOWED_HOSTS = new ArrayList<>();
static {
ALLOWED_HOSTS.add("example.com");
ALLOWED_HOSTS.add("test.com");
}
}
Explanation:
- The
ALLOWED_HOSTSfield is declared aspublic static final, which implies it should be a constant. However, it references a mutableListobject. - Since the field is public, any external code can modify the list. This could lead to unintended side effects or security vulnerabilities if the list is altered maliciously.
How to fix Public Static Final Field References Mutable Object?
To fix this issue, we need to ensure that the mutable object cannot be modified externally. This can be achieved by:
- Encapsulation: Keep the mutable object private and provide controlled access through methods.
- Immutability: Use immutable collections to prevent any modifications.
- Defensive Copying: When returning a reference to a collection, return a copy instead of the original.
In this case, we'll make the list private and provide a method to access it as an unmodifiable list.
Fixed Code Example
import java.util.Collections;
import java.util.List;
import java.util.ArrayList;
public class Config {
// Fix: Make the list private to prevent direct access
private static final List<String> ALLOWED_HOSTS;
static {
List<String> hosts = new ArrayList<>();
hosts.add("example.com");
hosts.add("test.com");
ALLOWED_HOSTS = Collections.unmodifiableList(hosts);
}
// Provide read-only access to the list
public static List<String> getAllowedHosts() {
return ALLOWED_HOSTS;
}
}
Explanation:
- The
ALLOWED_HOSTSlist is now private, preventing direct access from outside the class. - We wrap the list with
Collections.unmodifiableList()to ensure that it cannot be modified after its initial creation. - Access to the list is provided via a getter method, which returns the unmodifiable version. This ensures that external code cannot alter the list, preserving its integrity and ensuring application stability and security.