...
The Java language system weakens the accessibility of private members of an outer class when a nested inner class is present, which can result in an information leak.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
OBJ08-J | Medium | Probable | Medium | P8 | L2 |
Automated Detection
Automated detection of nonprivate inner classes that define nonprivate members and constructors that leak private data from the outer class is straightforward.
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| CodeSonar |
| JAVA.CLASS.ICSBS | Inner Class Should be Static (Java) | ||||||
| Parasoft Jtest |
| CERT.OBJ08.INNER | Make all member classes "private" |
Related Guidelines
Bibliography
[JLS 2015] | §8.1.3, Inner Classes and Enclosing Instances |
Section 2.3, "Inner Classes" | |
Securing Java: Getting Down to Business with Mobile Code |
...
...