...
Automated detection of non-private nested classes that define non-private members and constructors is straightforward. However, this rule applies only when those classes could potentially expose sensitive data or operations from the outer class. Detection of sensitive data or operations requires programmer assistance.
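The structural half of that check can be done with reflection, as in the following added example (not part of the guideline's own code). The `Account`, `Teller` and `Ledger` classes are constructed sample input with hypothetical names; the checker only lists candidates, and deciding whether they expose sensitive outer-class state remains a manual step.

```java
import java.lang.reflect.Member;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class NestedClassAudit {

    // Constructed sample input (hypothetical names, not from the guideline).
    static class Account {
        private long balance = 100;            // assumed sensitive by the reviewer

        public class Teller {                  // non-private inner class: reported
            public Teller() {}
            public long peek() { return balance; }
        }

        private class Ledger {                 // private inner class: not reported
            long total() { return balance; }
        }
    }

    // Lists non-private members and constructors of non-private nested classes.
    static List<String> audit(Class<?> outer) {
        List<String> findings = new ArrayList<>();
        for (Class<?> nested : outer.getDeclaredClasses()) {
            if (nested.isSynthetic() || Modifier.isPrivate(nested.getModifiers())) {
                continue;
            }
            List<Member> members = new ArrayList<>();
            Collections.addAll(members, nested.getDeclaredFields());
            Collections.addAll(members, nested.getDeclaredMethods());
            Collections.addAll(members, nested.getDeclaredConstructors());
            for (Member m : members) {
                // Skip compiler-generated members such as the hidden outer reference.
                if (!m.isSynthetic() && !Modifier.isPrivate(m.getModifiers())) {
                    findings.add(nested.getName() + " exposes " + m);
                }
            }
            findings.addAll(audit(nested));    // descend into deeper nesting levels
        }
        return findings;
    }

    public static void main(String[] args) {
        audit(Account.class).forEach(System.out::println);
    }
}
```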
Related Guidelines
...
CWE-492 "Use of Inner Class Containing Sensitive Data"
Bibliography
[JLS 2005] | §8.1.3, Inner Classes and Enclosing Instances (http://java.sun.com/docs/books/jls/third_edition/html/classes.html#8.1.3)
[JLS 2005] | §8.3 "Field Declarations"
[Long 2005] | §2.3, Inner Classes
[McGraw 1999] | Securing Java, Getting Down to Business with Mobile Code
...