CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc


JAVA.CLASS.VIS.SFIELD : Static Field Too Visible (Java)

Summary

Visibility for a static, non-final field is too permissive. In consequence, the internal implementation of objects is accessible and modifiable from outside their class.

Only fields whose visibility is equal to, or more permissive than, the value specified for configuration parameter JAVA_ANALYSIS_FIELD_VISIBILITY are included in checks for this class. Fields whose visibility is more restrictive than the specified value cannot trigger warnings of this class.

Properties

Class Name:    Static Field Too Visible (Java)
Significance:  reliability
Mnemonic:      JAVA.CLASS.VIS.SFIELD
Categories:
  CWE:         CWE:487 Reliance on Package-level Scope
               CWE:608 Struts: Non-private Field in ActionForm Class
               CWE:766 Critical Data Element Declared Public
               CWE:1061 Insufficient Encapsulation
  OWASP-2017:  OWASP-2017:A1 Injection
  OWASP-2021:  OWASP-2021:A3 Injection
  OWASP-2025:  OWASP-2025:A05 Injection
Availability:  Available for Java and Kotlin.
Enabling:      Checks for this warning class are disabled by default. To enable them, add the following WARNING_FILTER rule to the project configuration file.

               WARNING_FILTER += allow class="Static Field Too Visible (Java)"

Example

public class C {
  private int f1;
  protected int f2;
  int f3;
  public int f4;
  private final int f5 = 5;
  protected final int f6 = 6;
  final int f7 = 7;
  public final int f8 = 8;
  private static int f9;
  protected static int f10;             /* "Static Field Too Visible" warning issued here
                                         * when JAVA_ANALYSIS_FIELD_VISIBILITY=PRIVATE
                                         */ 
  static int f11;                       /* "Static Field Too Visible" warning issued here
                                         * when JAVA_ANALYSIS_FIELD_VISIBILITY=PRIVATE
                                         */ 
  public static int f12;                /* "Static Field Too Visible" warning issued here
                                         * when JAVA_ANALYSIS_FIELD_VISIBILITY=PROTECTED (the default) or JAVA_ANALYSIS_FIELD_VISIBILITY=PRIVATE
                                         */ 
  private final static int f13 = 13;
  protected final static int f14 = 14;
  final static int f15 = 15;
  public final static int f16 = 16;
}
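
The following is an added illustration, not part of the CodeSonar example above: it shows the consequence described in the Summary (a public static, non-final field rewritten from outside its class) next to a corrected form in which the field is private and writes go through a validating setter. The class names, the rate-limit scenario and the ceiling value are hypothetical.

```java
import java.util.concurrent.atomic.AtomicInteger;

public class StaticFieldVisibilityDemo {
    public static void main(String[] args) {
        // Any code on the classpath can rewrite the exposed field, and the
        // change silently applies to every caller of RateLimiterBefore.
        RateLimiterBefore.maxRequestsPerMinute = Integer.MAX_VALUE;
        System.out.println("before: allow(5000) = " + RateLimiterBefore.allow(5000));

        // The corrected class rejects the same out-of-range write.
        try {
            RateLimiterAfter.setMaxRequestsPerMinute(Integer.MAX_VALUE);
        } catch (IllegalArgumentException e) {
            System.out.println("after: write rejected (" + e.getMessage() + ")");
        }
        System.out.println("after: allow(5000) = " + RateLimiterAfter.allow(5000));
    }
}

// Flagged form (hypothetical class): same shape as f12 in the example above,
// so it is reported once the check is enabled.
class RateLimiterBefore {
    public static int maxRequestsPerMinute = 60;

    static boolean allow(int requestsSoFar) {
        return requestsSoFar < maxRequestsPerMinute;
    }
}

// Corrected form (hypothetical class): no static, non-final field is visible
// outside the class, and the setter enforces the invariant.
class RateLimiterAfter {
    private static final int HARD_CEILING = 1000;   // assumed policy value
    private static final AtomicInteger maxRequestsPerMinute = new AtomicInteger(60);

    static int getMaxRequestsPerMinute() {
        return maxRequestsPerMinute.get();
    }

    static void setMaxRequestsPerMinute(int value) {
        if (value < 1 || value > HARD_CEILING) {
            throw new IllegalArgumentException("limit out of range: " + value);
        }
        maxRequestsPerMinute.set(value);
    }

    static boolean allow(int requestsSoFar) {
        return requestsSoFar < maxRequestsPerMinute.get();
    }
}
```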

Relevant Configuration File Parameters

The following configuration file parameters affect checks for this warning class.

 

To report problems with this documentation, please visit https://support.codesecure.com/.