SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 50

changes.mady.by.user Melanie Thompson

Saved on

compared with

New Version 51

changes.mady.by.user Dean Sutherland

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Linked to JLS sections on line; grammar fix in title

...

Wiki Markup
Also, according to the Java Language Specification \[[JLS 2005|AA. Bibliography#JLS 05]\], [Section 8.3,|http://java.sun.com/docs/books/jls/third_edition/html/classes.html#8.3] "Field Declarations"

Note that a private field of a superclass might be accessible to a subclass (for example, if both classes are members of the same class). Nevertheless, a private field is never inherited by a subclass.

Noncompliant Code Example

This noncompliant code example exposes the sensitive (x,y) coordinates through the getPoint() method of the inner class. Consequently, the AnotherClass class that belongs to the same package can access the coordinates.

Code Block
bgColor#FFcccc
class Coordinates {
  private int x;
  private int y;

  public class Point {
    public void getPoint() {
      System.out.println("(" + x + "," + y + ")");    
    }
  }
}

class AnotherClass {
  public static void main(String[] args) {
    Coordinates c = new Coordinates();
    Coordinates.Point p = c.new Point();
    p.getPoint();
  }        
}

Compliant Solution

Use the private access specifier for declaring the inner class(es) and all contained methods and constructors. The compiler will refuse to compile AnotherClass because of its attempt to access a private nested class.

Code Block
bgColor#ccccff
class Coordinates {
  private int x;
  private int y;

  private class Point {
    private void getPoint() {
      System.out.println("(" + x + "," + y + ")");    
    }
  }
}

class AnotherClass {
  public static void main(String[] args) {
    Coordinates c = new Coordinates();
    Coordinates.Point p = c.new Point();    // fails to compile
    p.getPoint();
  }        
}

Risk Assessment

The Java Language System weakens the accessibility of sensitive, private entities in inner classes which can result in a security weakness.

Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

SCP03-J

medium

probable

medium

P8

L2

Automated Detection

Automated detection of non-private nested classes that define non-private members and constructors is straight-forward. However, this guideline only applies when those classes could potentially expose sensitive data or operations from the outer class. Detection of sensitive data or operations requires programmer assistance.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Related Guidelines

MITRE CWE: CWE-492 "Use of Inner Class Containing Sensitive Data"

Bibliography

Wiki Markup
\[[JLS 2005|AA. Bibliography#JLS 05]\] [Section 8.1.3, Inner Classes and Enclosing Instances|http://java.sun.com/docs/books/jls/third_edition/html/classes.html#8.1.3] and 8.3 "Field Declarations"
\[[McGraw 2000|AA. Bibliography#McGraw 00]\]
\[[Long 2005|AA. Bibliography#Long 05]\] Section 2.3, Inner Classes

...