Comment: Parasoft Jtest 2021.1

...

The Java language system weakens the accessibility of private members of an outer class when a nested inner class is present, which can result in an information leak.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| OBJ08-J | Medium | Probable | Medium | P8 | L2 |

Automated Detection

Automated detection of nonprivate inner classes that define nonprivate members and constructors that leak private data from the outer class is straightforward.

| Tool | Version | Checker | Description |
|---|---|---|---|
| Parasoft Jtest | Include Page: Parasoft_V | CERT.OBJ08.INNER | Make all member classes "private" |
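
The leak described above and the private-member-class fix named in the checker description, shown as an added example that is not part of the original page or of the CERT or Parasoft material. The class, field and method names and the PIN value are hypothetical, and the reflection check is one way to flag nonprivate member classes, not the tool's implementation.

```java
import java.lang.reflect.Modifier;

// Added illustration; all class, field and method names are hypothetical.
class InnerClassLeakDemo {
    // Counts member classes that are not private, i.e. the "make all member
    // classes private" check applied through reflection.
    static int nonPrivateMemberClasses(Class<?> outer) {
        int count = 0;
        for (Class<?> member : outer.getDeclaredClasses()) {
            if (!Modifier.isPrivate(member.getModifiers())) count++;
        }
        return count;
    }

    public static void main(String[] args) {
        // Unrelated code reaches the private field through the inner class.
        LeakyAccount leaky = new LeakyAccount();
        System.out.println("leaked: " + leaky.new Viewer().readPin());
        // new GuardedAccount().new Viewer() would not compile here: Viewer is private.
        System.out.println("match: " + new GuardedAccount().pinMatches("0000"));
        System.out.println("LeakyAccount findings: " + nonPrivateMemberClasses(LeakyAccount.class));
        System.out.println("GuardedAccount findings: " + nonPrivateMemberClasses(GuardedAccount.class));
    }
}

// Noncompliant shape: a nonprivate inner class with a nonprivate member
// that returns the enclosing instance's private data.
class LeakyAccount {
    private final String pin = "1234"; // constructed sample value

    public class Viewer {
        public String readPin() { return pin; }
    }
}

// Compliant shape: the inner class is private, so only GuardedAccount can
// instantiate it, and callers see only what pinMatches() exposes.
class GuardedAccount {
    private final String pin = "1234"; // constructed sample value

    private class Viewer {
        String readPin() { return pin; }
    }

    public boolean pinMatches(String candidate) {
        return new Viewer().readPin().equals(candidate);
    }
}
```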

Related Guidelines

MITRE CWE: CWE-492, Use of Inner Class Containing Sensitive Data

Bibliography

[JLS 2015] §8.1.3, "Inner Classes and Enclosing Instances"; §8.3, "Field Declarations"

[Long 2005] Section 2.3, "Inner Classes"

[McGraw 1999] Securing Java: Getting Down to Business with Mobile Code

...


...