CXX.MEMBER.CRITICAL.PUBLIC.METHOD
Critical private member data shall not be directly writable by a public method
The software defines public methods that read or modify private variables.
Vulnerability and risk
If an attacker modifies a variable to contain an unexpected value, it can break assumptions elsewhere in the code. Also, if an attacker can read a private variable, it can expose sensitive information or launch additional attacks more easily.
Mitigation and prevention
Critical private member data should not be directly writable by public methods.
Vulnerable code example
class User {
public:
void setUsername(string newUser){this->username = newuser;};
private:
string username;
};
Mixing non-normal public and private data members can be a mix of class intent. If a class is a collection of loosely related values, all date members must be made public. On the other hand, if a class tries to remain immutable, all data members must be private. Mixing data members with different levels of accessibility blurs the purpose of the class.