A mutable collection instance is assigned to a final static field, thus can be changed by malicious code or by accident from another package. The field could be made package protected to avoid this vulnerability. Alternatively you may wrap this field into Collections.unmodifiableSet/List/Map/etc. to avoid this vulnerability.
Since the field is never referenced outside the class, we can change its visibility to private; since the list is never modified, we can use Guava's immutable list to construct it. Do both to resolve this warning.
SpotBugs reported:
Since the field is never referenced outside the class, we can change its visibility to
private
; since the list is never modified, we can use Guava's immutable list to construct it. Do both to resolve this warning.Issue #915 Use static analysis to find bugs