CWE Rule 496
Description
Rule Description
Assigning public data to a private array is equivalent to giving public access to the array.
Polyspace Implementation
The rule checker checks for the issue Public data assigned to private pointer.
Examples
The issue Public data assigned to private pointer occurs when a public member function assigns a public pointer or reference parameter to a private pointer or reference data member. For instance:
class MyClass {
  private:
    std::string& myStringRef;
    std::string* myStringPointer;
  public:
    MyClass(std::string& inputStringRef, std::string* inputStringPointer)
	: myStringRef(inputStringRef), myStringPointer(inputStringPointer) //Noncompliant
	{} 
};
void foo(){
	
	std::string str1{"string ref"};
	std::string str2{"string pointer"};
	MyClass a{str1, &str2};
	str1 = "Changed string";
}
MyClass:;MyClass():
- Assigns the reference parameter - inputStringRefto the private reference- myStringRef.
- Assigns the pointer parameter - inputStringPointerto the private pointer- myStringPointer.
These assignments violate this rule and Polyspace® reports violations.
Polyspace does not report a violation of this rule for function pointers.
If you initialize a private pointer or reference data member by using a public
          parameter, then any function can modify the private data member. In the preceding code,
          the objects MyClass::myStringRef and
            MyClass::myStringPointer are private data members. Because
            MyClass::MyClass() assigns public parameters to
          private pointer or reference data members, the function foo() can
          modify these private data members. For instance, str1 = "Changed
            string" sets the value of a.myStringRef to
            "Changed string", even though MyClass::myStringRef
          is a private field.
Avoid assigning pointer of reference parameters to private pointer or reference data
          members. For public functions that set private pointers and reference data members, accept
          parameters by value. If possible, set private pointer and reference data members by using
            private setter, which can in turn be invoked from methods from a
            friend method.
In this example, the class MyClass manages the private reference
          data member  myStringRef and the private pointer
            myStringPointer. In the constructor of MyClass,
          public parameters are assigned tomyStringRef and
            myStringPointer. As a result, the assignment operations in
            foo() changes the value of a.myStringRef and
            a.myStringPointer. This behavior is unexpected. Polyspace reports a violation of this rule on the declaration of the class
          constructor.
#include <string>
class MyClass
{
private:
    std::string& myStringRef;
    std::string* myStringPointer;
public:
    MyClass(std::string& inputStringRef, std::string* inSP)
        : myStringRef(inputStringRef), myStringPointer(inSP) //Noncompliant
    {}
};
void foo()
{
    std::string str1{"string ref"};
    std::string str2{"string pointer"};
    MyClass a{str1, &str2};
    str1 = "Changed string";
    str2 = "Another changed string";
}
To fix the violation:
- In - MyClass::MyClass(), take the input- inputStringRefby value instead of by reference.
- Use the private setter function - setmyStringPointer()to set the private pointer- myStringPointer.
#include <string>
class MyClass {
	friend void foo();
  private:
    std::string& myStringRef;
	std::string* myStringPointer;
	void setmyStringPointer(std::string* inSP){
		myStringPointer=inSP; //Compliant
	}
  public:
    MyClass(std::string inputStringRef)
	: myStringRef(inputStringRef) //Compliant
	{} 
};
void foo(){
	
	std::string str1{"string ref"};
	std::string str2{"string pointer"};
	MyClass a{str1};
	a.setmyStringPointer(&str2);
	str1 = "Changed string";
	str2 = "Another changed string";
}
Check Information
| Category: Others | 
Version History
Introduced in R2023b
See Also
External Websites
MATLAB Command
You clicked a link that corresponds to this MATLAB command:
Run the command by entering it in the MATLAB Command Window. Web browsers do not support MATLAB commands.
Select a Web Site
Choose a web site to get translated content where available and see local events and offers. Based on your location, we recommend that you select: .
You can also select a web site from the following list
How to Get Best Site Performance
Select the China site (in Chinese or English) for best site performance. Other MathWorks country sites are not optimized for visits from your location.
Americas
- América Latina (Español)
- Canada (English)
- United States (English)
Europe
- Belgium (English)
- Denmark (English)
- Deutschland (Deutsch)
- España (Español)
- Finland (English)
- France (Français)
- Ireland (English)
- Italia (Italiano)
- Luxembourg (English)
- Netherlands (English)
- Norway (English)
- Österreich (Deutsch)
- Portugal (English)
- Sweden (English)
- Switzerland
- United Kingdom (English)