A nested class is any class whose declaration occurs within the body of another class or interface [[JLS 05]]. Nested classes are a broad set of classes that are classified as static
member and inner classes. "An inner class is a nested class that is not explicitly or implicitly declared static
." [[JLS 05]]. An inner class may be local, anonymous or non-static.
The use of nested class is error-prone unless the semantics are well understood. A common notion is that only the outer class can access the contents of the nested inner class(es). Not only does the nested class have access to the private
fields of the outer class, the same fields can be accessed by another class in the package depending on whether the nested class is declared public
or if it contains public
methods/constructors. By default, the javac
compiler converts the accessibility of private
methods of a nested class to package-private.
Also, according to the Java Language Specification [[JLS 05]], section 8.3 "Field Declarations":
Note that a
private
field of a superclass might be accessible to a subclass (for example, if both classes are members of the same class). Nevertheless, aprivate
field is never inherited by a subclass.
Noncompliant Code Example
This noncompliant code example exposes the sensitive (x,y)
coordinates through the getPoint()
method of the inner class. Consequently, the AnotherClass
class that belongs to the same package can access the coordinates.
class Coordinates { private int x; private int y; public class Point { public void getPoint() { System.out.println("(" + x + "," + y + ")"); } } } class AnotherClass { public static void main(String[] args) { Coordinates c = new Coordinates(); Coordinates.Point p = c.new Point(); p.getPoint(); } }
Compliant Solution
Use the private
access specifier for declaring the inner class(es) and all contained methods and constructors. The compiler will refuse to compile AnotherClass
because of its attempt to access a private nested class.
class Coordinates { private int x; private int y; private class Point { private void getPoint() { System.out.println("(" + x + "," + y + ")"); } } } class AnotherClass { public static void main(String[] args) { Coordinates c = new Coordinates(); Coordinates.Point p = c.new Point(); // fails to compile p.getPoint(); } }
Risk Assessment
The Java Language System weakens the accessibility of sensitive, private
entities in inner classes which may result in a security weakness.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
SCP03- J |
medium |
probable |
medium |
P8 |
L2 |
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[JLS 05]] Section 8.1.3, Inner Classes and Enclosing Instances and 8.3 "Field Declarations"
[[McGraw 00]]
[[Long 05]] Section 2.3, Inner Classes
[[MITRE 09]] CWE ID 492 "Use of Inner Class Containing Sensitive Data"
SCP01-J. Do not increase the accessibility of overridden or hidden methods 05. Scope (SCP) SCP02-J. Do not reuse names