CXX.STATIC.OBJ.FINAL
Initialized public static field not marked as final
The object contains initialized public static fields that are not marked final, which allows them to be modified in unexpected ways.
Vulnerability and risk
Public static variables can be read without accessors and can be changed without mutators in any class in the application.
Mitigation and prevention
Declare public static fields with the 'const' declarator so that they are final.
Vulnerable code example
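#include <string>

class SomeAppClass {
public:
    // 'inline' (C++17) permits the in-class initializer for a non-const static member
    inline static std::string appPropertiesConfigFile = "app/properties.config"; // Should be const
};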
The above example allows an initialized public static string variable to be changed in a way the application does not intend. In this example, the string variable can be modified to point to other properties files that do not exist, causing the application to hang or behave unexpectedly.
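The mitigation applied to the example above, as an added illustration that is not part of the original checker documentation: the flagged field beside its const form, with a compile-time check that the field cannot be reassigned. SomeAppClassFixed, unrelatedModule, the helper functions and the path app/missing.config are hypothetical names constructed for this example.

```cpp
#include <iostream>
#include <string>
#include <type_traits>

// Flagged form: initialized, public, static, not const.
class SomeAppClass {
public:
    static std::string appPropertiesConfigFile;
};
std::string SomeAppClass::appPropertiesConfigFile = "app/properties.config";

// Corrected form (hypothetical class name): same field, declared const.
class SomeAppClassFixed {
public:
    static const std::string appPropertiesConfigFile;
};
const std::string SomeAppClassFixed::appPropertiesConfigFile = "app/properties.config";

// Hypothetical unrelated code elsewhere in the application. Nothing stops it
// from reassigning the non-const field, because no mutator is involved.
void unrelatedModule() {
    SomeAppClass::appPropertiesConfigFile = "app/missing.config"; // constructed path
    // SomeAppClassFixed::appPropertiesConfigFile = "app/missing.config";
    // ^ rejected by the compiler: assignment to a const object.
}

// Path each class reports after the unrelated code has run.
std::string vulnerablePathAfterUnrelatedCode() {
    unrelatedModule();
    return SomeAppClass::appPropertiesConfigFile;
}
std::string fixedPathAfterUnrelatedCode() {
    unrelatedModule();
    return SomeAppClassFixed::appPropertiesConfigFile;
}

// Compile-time check for a header or unit test: true only if the field
// cannot be assigned a std::string through its public name.
template <typename T>
constexpr bool isReadOnly() { return !std::is_assignable<T, std::string>::value; }

static_assert(!isReadOnly<decltype((SomeAppClass::appPropertiesConfigFile))>(), "flagged field is assignable");
static_assert(isReadOnly<decltype((SomeAppClassFixed::appPropertiesConfigFile))>(), "field must be const");

int main() {
    std::cout << "vulnerable: " << vulnerablePathAfterUnrelatedCode() << "\n";
    std::cout << "fixed:      " << fixedPathAfterUnrelatedCode() << "\n";
    return 0;
}
```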