Critical data member is not private

A critical data member is declared public

Since R2022a

Description

This defect occurs when you declare a critical nonstatic data member of a class to be public. By default, Polyspace® assumes that no data member is critical. Specify the critical data members in your code by using the code behavior CRITICAL_DATA. See Specifying Critical Data Members. If you do not specify any critical data members, Polyspace raises a warning during the analysis.

Risk

Declaring the critical data members as public allows the clients of a class to modify critical data members. You can inadvertently introduce vulnerabilities when critical data members are public. The vulnerabilities of such code are difficult to find and time-consuming to fix.

Fix

To fix this defect, determine which data members are critical and declare them as private or protected.

Extend Checker

This defect checker requires a list of critical data members to be externally specified. Even if you specify the checker using the option Find defects (-checkers), it is not enabled unless you also specify a list of critical data members. See Modify Bug Finder Checkers Through Code Behavior Specifications.

Examples

#include <string.h>
#define MAX_PASSWORD_LENGTH 15
#define MAX_USERNAME_LENGTH 15

class UserAccount
{
public:
  UserAccount(char *username, char *password)
  {
    //...
  }

  int authorizeAccess(char *username, char *password)
  {
    //...
  }

  char username[MAX_USERNAME_LENGTH+1]; 
  char password[MAX_PASSWORD_LENGTH+1]; 
};

In this example, the data members username and password are declared as public. Specify these variables as critical in a code behavior XML file:

<specifications>
   <members>
	<member name="password" kind="variable">
		<behavior name="CRITICAL_DATA"/>
	</member>
	<member name="username" kind="variable">
		<behavior name="CRITICAL_DATA"/>
	</member>
   </members>
</specifications>

After you specify the variables as critical, Polyspace flags the public critical data members. If you do not specify the critical data members, Polyspace assumes that no data members are critical and the defect is not raised.

Correction — Declare Critical Variables as Private

To fix this defect, declare the critical variables as private.

#include <string.h>


#define MAX_PASSWORD_LENGTH 15
#define MAX_USERNAME_LENGTH 15

class UserAccount
{
public:
  UserAccount(char *username, char *password)
  {
    //...
  }

  int authorizeAccess(char *username, char *password)
  {
    //...
  }
private:
  char username[MAX_USERNAME_LENGTH+1]; 
  char password[MAX_PASSWORD_LENGTH+1]; 
}; 

You can continue to use the same code behavior specification XML file:

<specifications>
   <members>
	<member name="password" kind="variable">
		<behavior name="CRITICAL_DATA"/>
	</member>
	<member name="username" kind="variable">
		<behavior name="CRITICAL_DATA"/>
	</member>
   </members>
</specifications>
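
The following is an added example, not part of the original Polyspace documentation. It shows the risk described above on a simplified, password-only version of the class and adds a compile-time guard that fails the build if the critical member becomes public again. The names UserAccountPublic, UserAccountPrivate, boundedCopy, has_public_password and clientOverwriteThenAuthorize are hypothetical.

```cpp
// Added example; all class, helper and trait names here are hypothetical.
#include <cstring>
#include <type_traits>
#include <utility>

#define MAX_PASSWORD_LENGTH 15

// Bounded copy that always NUL-terminates the fixed-size buffer.
static void boundedCopy(char (&dst)[MAX_PASSWORD_LENGTH + 1], const char *src) {
  std::strncpy(dst, src, MAX_PASSWORD_LENGTH);
  dst[MAX_PASSWORD_LENGTH] = '\0';
}

// "Before": the critical member is public, as in the flagged example.
class UserAccountPublic {
public:
  explicit UserAccountPublic(const char *pw) { boundedCopy(password, pw); }
  bool authorizeAccess(const char *pw) const { return std::strcmp(password, pw) == 0; }
  char password[MAX_PASSWORD_LENGTH + 1];
};

// "After": same interface, critical member private.
class UserAccountPrivate {
public:
  explicit UserAccountPrivate(const char *pw) { boundedCopy(password, pw); }
  bool authorizeAccess(const char *pw) const { return std::strcmp(password, pw) == 0; }
private:
  char password[MAX_PASSWORD_LENGTH + 1];
};

// True only if T::password is accessible outside the class (access checks are part of SFINAE).
template <class T, class = void>
struct has_public_password : std::false_type {};
template <class T>
struct has_public_password<T, decltype(void(std::declval<T &>().password))>
    : std::true_type {};

// Build-time guard: fails to compile if the member is made public again.
static_assert(!has_public_password<UserAccountPrivate>::value,
              "critical member 'password' must not be public");

// The risk: client code replaces the stored secret without using the class interface.
bool clientOverwriteThenAuthorize() {
  UserAccountPublic acct("initial-pw");    // constructed sample value
  boundedCopy(acct.password, "changed");   // compiles only because the member is public
  return acct.authorizeAccess("changed");  // true: the stored secret was replaced
}

int main() { return clientOverwriteThenAuthorize() ? 0 : 1; }
```

The trait reports a protected member as not public as well, which matches the fix of declaring critical members private or protected.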

Result Information

Group: Security
Language: C++
Default: Off
Command-Line Syntax: CRITICAL_DATA_MEMBER_DECLARED_PUBLIC
Impact: High

Version History

Introduced in R2022a