...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
OBJ00-J | medium | likely | medium | P12 | L1 |
Automated Detection
This rule is not checkable because it depends on factors that are unspecified in the code, including the invariants upon which the code relies and the necessity of designating a class as extensible, among others. However, simple statistical methods might be useful to find codebases that violate this rule by checking whether a given codebase contains a higher-than-average number of classes left non-final.
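The statistical check suggested above can be sketched as follows. This is an added example, not part of the CERT rule or of any tool it names. It is a regex heuristic, not a Java parser; the codebase names, the sample sources, and the choice to skip abstract classes are assumptions made for illustration.

```python
import re
from statistics import mean

# Comments and string/char literals are blanked so "class" inside them is ignored.
_NOISE = re.compile(
    r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)
# Leading modifiers (captured) followed by a class declaration.
_CLASS = re.compile(
    r'((?:\b(?:public|protected|private|static|abstract|final|strictfp)\s+)*)'
    r'\bclass\s+[A-Za-z_$][\w$]*')

def class_stats(source):
    """Return (non_final, total) for the concrete classes declared in one file."""
    non_final = total = 0
    for mods in _CLASS.findall(_NOISE.sub(' ', source)):
        mods = mods.split()
        if 'abstract' in mods:  # assumption: abstract classes are meant to be extended
            continue
        total += 1
        non_final += 'final' not in mods
    return non_final, total

def non_final_ratio(files):
    """Fraction of concrete classes left non-final across a codebase's files."""
    counts = [class_stats(src) for src in files]
    total = sum(t for _, t in counts)
    return sum(n for n, _ in counts) / total if total else 0.0

def flag_outliers(codebases):
    """Return (average ratio, codebases whose ratio is higher than average)."""
    ratios = {name: non_final_ratio(files) for name, files in codebases.items()}
    avg = mean(ratios.values())
    return avg, sorted(name for name, r in ratios.items() if r > avg)

# Constructed sample input: codebase name -> list of Java source strings.
SAMPLE = {
    "payments": ['public final class Money { }\n// class Legacy was removed\n'
                 'public final class Account { static class Entry {} }'],
    "reports": ['public class Report { String s = "class Fake {"; }\n'
                'class Helper {}\nabstract class Base {}',
                'public class Exporter { Class<?> c = Report.class; }'],
    "auth": ['public final class Token {}\npublic final class Session {}\n'
             'final class Key {}\nclass Cache {}'],
}

if __name__ == "__main__":
    avg, flagged = flag_outliers(SAMPLE)
    print(f"average non-final ratio: {avg:.2f}; review first: {flagged}")
```

A flagged codebase is a candidate for manual review against this rule, not proof of a violation, since the script cannot see which classes are deliberately extensible.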
Related Guidelines
Secure Coding Guidelines for the Java Programming Language, Version 3.0 | Guideline 1-2. Limit the extensibility of classes and methods |
...
[API 2006] | Class BigInteger |
Item 1. Consider static factory methods instead of constructors; Item 17: Design and document for inheritance or else prohibit it | |
Chapter 6, Enforcing Security Policy | |
[Lai 2008] | Java Insecurity, Accounting for Subtleties That Can Compromise Code |
Chapter Seven, Rule 3. Make everything final, unless there's a good reason not to | |
...