You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Philip May (JIRA)" <ji...@apache.org> on 2008/02/19 16:38:43 UTC

[jira] Created: (MODELER-26) Fields are not final but should be

Fields are not final but should be
----------------------------------

                 Key: MODELER-26
                 URL: https://issues.apache.org/jira/browse/MODELER-26
             Project: Commons Modeler
          Issue Type: Bug
            Reporter: Philip May


A mutable static fields could be changed by malicious code or by accident from another package. 
The two following fields could be made final to avoid this vulnerability:
Class: Registry
Field: public static String MODELER_MANIFEST="/META-INF/mbeans-descriptors.xml";

Class: IntrospectionUtils
Field: public static String PATH_SEPARATOR = System.getProperty("path.separator");



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (MODELER-26) Fields are not final but should be

Posted by "Philip May (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/MODELER-26?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Philip May updated MODELER-26:
------------------------------

    Attachment: final-fields.patch

here is the patch for the two classes (fields)

> Fields are not final but should be
> ----------------------------------
>
>                 Key: MODELER-26
>                 URL: https://issues.apache.org/jira/browse/MODELER-26
>             Project: Commons Modeler
>          Issue Type: Bug
>            Reporter: Philip May
>         Attachments: final-fields.patch
>
>
> A mutable static fields could be changed by malicious code or by accident from another package. 
> The two following fields could be made final to avoid this vulnerability:
> Class: Registry
> Field: public static String MODELER_MANIFEST="/META-INF/mbeans-descriptors.xml";
> Class: IntrospectionUtils
> Field: public static String PATH_SEPARATOR = System.getProperty("path.separator");

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.