The program violates secure coding principles for mobile code by returning a private
array variable from a public
access method.
Returning a private
array variable from a public
access method allows the calling code to modify the contents of the array, effectively giving the array public
access and contradicting the intentions of the programmer who made it private
.
Example 1: The following Java Applet code mistakenly returns a private
array variable from a public
access method.
public final class urlTool extends Applet {
private URL[] urls;
public URL[] getURLs() {
return urls;
}
...
}
[1] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 495
[2] G. McGraw Securing Java. Chapter 7: Java Security Guidelines