JAVA-S1050 · Non-final static fields should not be public

Non-final static fields should not be public JAVA-S1050

Security

Critical

2 years ago — 2 years old

gorenest_health should not be public

src/main/java/mod/azure/doom/config/DoomConfig.java

668	public static float mechazombie_ranged_damage = 3;
669
670	@Entry
671	public static double gorenest_health = 5;672}

mechazombie_ranged_damage should not be public

src/main/java/mod/azure/doom/config/DoomConfig.java

665	@Entry
666	public static double mechazombie_health = 25;
667	@Entry
668	public static float mechazombie_ranged_damage = 3;669
670	@Entry
671	public static double gorenest_health = 5;

mechazombie_health should not be public

src/main/java/mod/azure/doom/config/DoomConfig.java

663	public static float possessed_soldier_ranged_damage = 2;
664
665	@Entry
666	public static double mechazombie_health = 25;667	@Entry
668	public static float mechazombie_ranged_damage = 3;
669

possessed_soldier_ranged_damage should not be public

src/main/java/mod/azure/doom/config/DoomConfig.java

660	@Entry
661	public static double possessed_soldier_health = 15;
662	@Entry
663	public static float possessed_soldier_ranged_damage = 2;664
665	@Entry
666	public static double mechazombie_health = 25;

possessed_soldier_health should not be public

src/main/java/mod/azure/doom/config/DoomConfig.java

658	public static double possessed_scientist_melee_damage = 2;
659
660	@Entry
661	public static double possessed_soldier_health = 15;662	@Entry
663	public static float possessed_soldier_ranged_damage = 2;
664

Description

This code contains a public static field which is not final, or is mutable even when declared as final.

Consider making the field private, as it is possible that such a field could be manipulated to produce unintended results.

Bad Practice

Here, the NUM_RETRIES field could be manipulated to perform a Denial of Service (DoS) attack when set to some very high number.

class SomeClass {

    public static int NUM_RETRIES = 3;

}

// Elsewhere...

SomeClass someObj = ...;
SomeClass.NUM_RETRIES = Integer.MAX_VALUE; // This could make an application hang!

AzureDoom / MCDoom

Bad Practice

Recommended