AttackFlow Findings Dictionary


Incorrect Readonly Member

Declaring an object or collection member as private readonly does not make it truly read-only.

Severity

Low

Fix Cost

Low

Trust Level

Medium

One way of creating read-only member variables for a class is to combine the private and readonly keywords with a getter-only property. Here's an example:

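using System.Collections.Generic;

public class Message
{
    // readonly only stops the field from being reassigned; the list itself stays mutable.
    private readonly List<string> iList = new List<string>();

    // Getter-only property, but it returns the same List<string> instance.
    public IEnumerable<string> MyList
    {
        get { return iList; }
    }

    // ...
}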

The intention is to make iList a read-only field of the class. However, defining it as private readonly and returning it through the getter-only MyList property still allows the caller to modify iList: readonly only prevents the field from being reassigned, and the getter returns the underlying list object itself.
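The following added example (not part of the original finding) puts the flagged pattern beside a corrected getter that returns a read-only wrapper via List<T>.AsReadOnly(). The Count property, the SafeMessage class, the Program class and the sample strings are assumptions introduced for illustration.

```csharp
using System;
using System.Collections.Generic;

// The pattern from the finding: the getter hands out the private list itself.
public class Message
{
    private readonly List<string> iList = new List<string> { "original" };
    public IEnumerable<string> MyList
    {
        get { return iList; }
    }
    public int Count { get { return iList.Count; } } // hypothetical helper for the demo
}

// Corrected variant (hypothetical name): the getter returns a read-only view.
public class SafeMessage
{
    private readonly List<string> iList = new List<string> { "original" };
    public IEnumerable<string> MyList
    {
        get { return iList.AsReadOnly(); } // ReadOnlyCollection<string> wrapping iList
    }
    public int Count { get { return iList.Count; } } // hypothetical helper for the demo
}

public static class Program
{
    public static void Main()
    {
        var message = new Message();
        // The static type is IEnumerable<string>, but the runtime object is still the List<string>.
        var leaked = message.MyList as List<string>;
        if (leaked != null) leaked.Add("added by caller");
        Console.WriteLine("Message count after caller edit: " + message.Count);

        var safe = new SafeMessage();
        // The wrapper is not a List<string>, so this cast yields null.
        var blocked = safe.MyList as List<string>;
        Console.WriteLine("Cast to List<string> succeeded: " + (blocked != null));

        // The wrapper still implements ICollection<string>, but its mutators throw.
        var asCollection = (ICollection<string>)safe.MyList;
        try { asCollection.Add("added by caller"); }
        catch (NotSupportedException) { Console.WriteLine("Add rejected by read-only wrapper"); }
        Console.WriteLine("SafeMessage count: " + safe.Count);
    }
}
```

The wrapper is a live view, so changes the class itself makes to iList remain visible to callers; return a copy instead if callers need a snapshot.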
