Description
The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways.
Modes of Introduction:
– Implementation
Related Weaknesses
Consequences
Integrity: Modify Application Data
The contents of the data structure can be modified from outside the intended scope.
Potential Mitigations
Phase: Implementation
Description:
Declare the method private.
Phase: Implementation
Description:
Clone the member data and keep an unmodified version of the data private to the object.
Phase: Implementation
Description:
Use public setter methods that govern how a private member can be modified.
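The weakness and the clone and setter mitigations above, side by side in C++. This is an added example, not part of the original entry; the class names AclWeak and AclHardened, their methods, and the user names are hypothetical.

```cpp
#include <string>
#include <vector>

// Hypothetical access-control list, constructed for illustration only.
// Weak form: the public accessor returns a mutable reference to private state.
class AclWeak {
    std::vector<std::string> admins_{"alice"};
public:
    std::vector<std::string>& admins() { return admins_; }  // exposes the private structure
    bool isAdmin(const std::string& u) const {
        for (const auto& a : admins_) if (a == u) return true;
        return false;
    }
};

// Hardened form: callers receive a clone; changes go through a checked setter.
class AclHardened {
    std::vector<std::string> admins_{"alice"};
public:
    std::vector<std::string> admins() const { return admins_; }  // returns a copy
    bool isAdmin(const std::string& u) const {
        for (const auto& a : admins_) if (a == u) return true;
        return false;
    }
    // Governed setter: only an existing admin may add a valid, new name.
    bool addAdmin(const std::string& requester, const std::string& u) {
        if (!isAdmin(requester) || isAdmin(u)) return false;
        if (u.empty() || u.size() > 32) return false;
        admins_.push_back(u);
        return true;
    }
};

bool weakAllowsOutsideWrite() {
    AclWeak acl;
    acl.admins().push_back("mallory");  // private data modified from outside the class
    return acl.isAdmin("mallory");
}

bool hardenedBlocksOutsideWrite() {
    AclHardened acl;
    std::vector<std::string> copy = acl.admins();
    copy.push_back("mallory");          // only the caller's copy changes
    return !acl.isAdmin("mallory") && acl.admins().size() == 1;
}

int main() {
    return (weakAllowsOutsideWrite() && hardenedBlocksOutsideWrite()) ? 0 : 1;
}
```

In review, a non-const reference or pointer return type on a public accessor for a private container is the pattern to flag.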