Page History

...

The access modifier of an overriding or hiding method must provide at least as much access as the overridden or hidden method (The Java Language Specification, §8.4.8.3, "Requirements in Overriding and Hiding" [JLS 2015]). The following table lists the allowed accesses.

Overridden/Hidden Method Modifier	Overriding/Hiding Method Modifier
`public`	`public`
`protected`	`protected` or `public`
default	default or `protected` or `public`
`private`	Cannot be overridden

Noncompliant Code Example

...

Code Block

bgColor	#ccccff

class Super {
  protected final void doLogic() { // Declare as final
    System.out.println("Super invoked");
    // Do sensitive operations
  }
}

Exceptions

MET04-J-EX0: For classes that implement the java.lang.Cloneable interface, the accessibility of the Object.clone() method should be increased from protected to public [SCG 2009].

...

Subclassing allows weakening of access restrictions, which can compromise the security of a Java application.

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
MET04-J	Medium	Probable	Medium	P8	L2

Automated Detection

Detecting violations of this rule is straightforward.

Tool

Version

Checker

Description

Parasoft Jtest

Include Page

	Parasoft_V
	Parasoft_V

CERT.MET04.OPM

Do not override an instance "private" method

Related Guidelines

MITRE CWE	CWE-487, Reliance on Package-Level Scope
Secure Coding Guidelines for Java SE, Version 5.0	Guideline 4-1 / EXTEND-1: Limit the accessibility of classes, interfaces, methods, and fields

Bibliography

[JLS 2015]

§8.4.8.3, "Requirements in Overriding and Hiding"

...

[SCG 2009]

...

Space shortcuts

Page tree

Versions Compared

Old Version 106

New Version Current

Key

Noncompliant Code Example

Exceptions

Automated Detection

Related Guidelines

Bibliography