Variant · Low-Medium

CWE-495: Private Data Structure Returned From A Public Method

CWE-495 · Variant Level · 3 Mitigations

Description

The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways.

Potential Impact

Integrity

Modify Application Data

Demonstrative Examples

Here, a public method in a Java class returns a reference to a private array. Given that arrays in Java are mutable, any modifications made to the returned reference would be reflected in the original private array.
Bad
    private String[] colors;

    public String[] getColors() {
        return colors;
    }
In this example, the Color class defines functions that return non-const references to private members (an array type and an integer type), which are then arbitrarily altered from outside the control of the class.
Bad
    class Color {
    private:
        int colorArray[2];
        int colorValue;
    public:
        Color() : colorArray{1, 2}, colorValue(3) {}
        int (&fa())[2] { return colorArray; } // return reference to private array
        int &fv() { return colorValue; }      // return reference to private integer
    };

    int main() {
        Color c;
        c.fa()[1] = 42; // modifies private array element
        c.fv() = 42;    // modifies private int
        return 0;
    }

Mitigations & Prevention

Implementation

Declare the method private.

Implementation

Clone the member data and keep an unmodified version of the data private to the object.

Implementation

Use public setter methods that govern how a private member can be modified.
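The following is an added example, not code from the CWE entry: it places the leaky shape of the entry's C++ example beside a hardened class that applies all three mitigations (a private mutable accessor, copies or const references handed to callers, and setters that govern changes). The 0..255 range check in the setters is an assumed policy chosen for illustration; the helper functions at the bottom return the private state so the effect of each variant can be checked.

```cpp
#include <array>
#include <cstddef>
#include <stdexcept>

// Leaky shape, mirroring the entry's C++ example: both accessors hand out
// non-const references to private members.
class LeakyColor {
private:
    std::array<int, 2> colorArray{1, 2};
    int colorValue{3};
public:
    std::array<int, 2>& fa() { return colorArray; } // reference escapes
    int& fv() { return colorValue; }                // reference escapes
    int value() const { return colorValue; }
    int color(std::size_t i) const { return colorArray.at(i); }
};

// Hardened shape applying the three mitigations.
class SafeColor {
private:
    std::array<int, 2> colorArray{1, 2};
    int colorValue{3};
    // Mitigation 1: the mutable accessor is private, so only the class
    // itself can obtain a writable reference.
    int& valueRef() { return colorValue; }
public:
    // Mitigation 2: return a copy; the caller may modify it freely without
    // touching the object's own data.
    std::array<int, 2> colors() const { return colorArray; }
    // A const reference is the cheap alternative to a copy: readable, not writable.
    const int& value() const { return colorValue; }
    // Mitigation 3: setters that govern how the private members change
    // (the 0..255 range check is this example's assumed policy).
    void setValue(int v) {
        if (v < 0 || v > 255) throw std::invalid_argument("value out of range");
        valueRef() = v;
    }
    void setColor(std::size_t i, int v) {
        if (v < 0 || v > 255) throw std::invalid_argument("value out of range");
        colorArray.at(i) = v; // at() throws on a bad index
    }
};

// Private state observed after a caller writes through the leaked references.
int leakyAfterMutation() {
    LeakyColor c;
    c.fa()[1] = 42; // modifies the private array element
    c.fv() = 42;    // modifies the private int
    return c.value() + c.color(1); // 84: both writes landed on private state
}

// Private element observed after a caller modifies the copy it was given.
int safeAfterMutation() {
    SafeColor c;
    std::array<int, 2> copy = c.colors();
    copy[1] = 42;         // only the caller's copy changes
    // c.value() = 42;    // would not compile: const reference
    return c.colors()[1]; // 2: the object's data is unchanged
}

// The setter enforces the policy instead of letting callers write anything.
bool setterRejectsOutOfRange() {
    SafeColor c;
    try {
        c.setValue(999);
    } catch (const std::invalid_argument&) {
        return c.value() == 3; // rejected, and the state is untouched
    }
    return false;
}

int setterAcceptsValid() {
    SafeColor c;
    c.setValue(200);
    c.setColor(0, 7);
    return c.value() + c.colors()[0]; // 207
}

int main() {
    return (leakyAfterMutation() == 84 && safeAfterMutation() == 2 &&
            setterRejectsOutOfRange() && setterAcceptsValid() == 207) ? 0 : 1;
}
```

Returning a copy costs an allocation-free copy of two ints here; for large members a const reference gives the same read-only guarantee at no cost, and a setter remains the only write path either way.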

Detection Methods

  • Automated Static Analysis High — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea

Taxonomy Mappings

  • 7 Pernicious Kingdoms — Private Array-Typed Field Returned From A Public Method
  • Software Fault Patterns: SFP23 — Exposed Data

Frequently Asked Questions

What is CWE-495?

CWE-495 (Private Data Structure Returned From A Public Method) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways.

How can CWE-495 be exploited?

Attackers can exploit CWE-495 (Private Data Structure Returned From A Public Method) to modify application data. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-495?

Key mitigations include: declare the method private; clone the member data and keep an unmodified copy private to the object; use public setter methods that govern how a private member can be modified.

What is the severity of CWE-495?

CWE-495 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.