Variant · Draft

CWE-495: Private Data Structure Returned From A Public Method

Category: other

Description

The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways.

Common consequences

  • Integrity — Modify Application Data
    The contents of the data structure can be modified from outside the intended scope.

Potential mitigations

  • [Implementation] Declare the method private.
  • [Implementation] Clone the member data and keep an unmodified version of the data private to the object.
  • [Implementation] Use public setter methods that govern how a private member can be modified.
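The weakness and the second and third mitigations side by side, as an added C++ example that is not part of the MITRE entry: `LeakyAllowList` is the hypothetical "before" class whose public getter returns a reference to its private container, and `SafeAllowList` returns a defensive copy and routes changes through a validating setter.

```cpp
// Added example for CWE-495 (constructed, not from MITRE CWE or SQUR):
// a class that leaks a reference to private data, and a hardened version
// that returns a copy and exposes a governed setter instead.
#include <string>
#include <vector>
#include <stdexcept>

// Vulnerable: the public getter hands out a mutable reference to the
// private member, so any caller can edit the list without going through
// the object's own checks (CWE-495).
class LeakyAllowList {
public:
    std::vector<std::string>& hosts() { return hosts_; }   // leaks a reference
    bool allows(const std::string& h) const {
        for (const auto& x : hosts_) if (x == h) return true;
        return false;
    }
private:
    std::vector<std::string> hosts_{"intranet.example"};
};

// Hardened: the getter returns a defensive copy (mitigation: clone the
// member data) and changes go through a setter that validates input
// (mitigation: public setter that governs modification).
class SafeAllowList {
public:
    std::vector<std::string> hosts() const { return hosts_; }   // copy, not reference
    bool allows(const std::string& h) const {
        for (const auto& x : hosts_) if (x == h) return true;
        return false;
    }
    void add(const std::string& h) {
        if (h.empty() || h.find('*') != std::string::npos)
            throw std::invalid_argument("wildcard or empty host rejected");
        hosts_.push_back(h);
    }
private:
    std::vector<std::string> hosts_{"intranet.example"};
};

// Returns true if a caller could alter private state through the getter.
bool leaky_getter_allows_tampering() {
    LeakyAllowList l;
    l.hosts().push_back("*");      // caller bypassed every check
    return l.allows("*");          // true: private state was modified
}
bool safe_getter_allows_tampering() {
    SafeAllowList s;
    auto copy = s.hosts();
    copy.push_back("*");           // only the caller's copy changes
    return s.allows("*");          // false: private state intact
}
bool safe_setter_rejects_wildcard() {
    SafeAllowList s;
    try { s.add("*"); } catch (const std::invalid_argument&) { return true; }
    return false;
}
```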

References

  1. https://cwe.mitre.org/data/definitions/495.html

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Access to Critical Private Variable via Public Method
  • CWE: Critical Data Element Declared Public
  • CWE: Insufficient Encapsulation
  • CWE: Passing Mutable Objects to an Untrusted Method
  • CWE: Exposed Dangerous Method or Function
  • CWE: Use of Object without Invoking Destructor Method

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.