CWE-487
Reliance on Package-level Scope
Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.
Status
incomplete
Abstraction
base
Likelihood
medium
Affected Platforms
Java
Extended Description
The purpose of package scope is to prevent accidental access by other parts of a program. This is an ease-of-software-development feature but not a security feature.
Technical Details
Common Consequences
confidentiality
integrity
Impacts
read application data
modify application data
Detection Methods
automated static analysis
Potential Mitigations
Phases:
architecture and design
implementation
Descriptions:
• Data should be private, static, and final whenever possible. This ensures that your code is protected by instantiating early, preventing access and tampering.
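
The weakness and the mitigation above, side by side, as an added example that is not part of the CWE entry. The package name `com.example.billing` and all class and field names are hypothetical; `PackageScopeDemo` stands in for separately shipped code that declares the same package name.

```java
// Constructed example; package, class and field names are hypothetical.
// Save as PackageScopeDemo.java (Java 9+ for List.of).
package com.example.billing;

import java.util.List;

// Weak: package-scope, mutable state. Any class that declares
// "package com.example.billing;" can read and overwrite it.
class WeakRates {
    static double discount = 0.10;            // no modifier = package scope
    static String[] approvers = {"alice"};    // package scope, mutable array
}

// Hardened: private static final data, immutable values, read-only accessors.
final class HardenedRates {
    private static final double DISCOUNT = 0.10;
    private static final List<String> APPROVERS = List.of("alice");

    private HardenedRates() {}                // no instances, no subclasses

    static double discount() { return DISCOUNT; }
    static List<String> approvers() { return APPROVERS; } // unmodifiable list
}

// Stands in for code from another source that declares the same package.
public class PackageScopeDemo {
    public static void main(String[] args) {
        // Package scope does not stop same-package code: both writes compile.
        WeakRates.discount = 0.99;
        WeakRates.approvers[0] = "unreviewed";
        System.out.println("weak discount:  " + WeakRates.discount);
        System.out.println("weak approver:  " + WeakRates.approvers[0]);

        // HardenedRates.DISCOUNT = 0.99;     // rejected by the compiler:
        //                                    // private access, final field
        try {
            HardenedRates.approvers().add("unreviewed");
        } catch (UnsupportedOperationException e) {
            System.out.println("hardened list: modification rejected");
        }
        System.out.println("hardened discount: " + HardenedRates.discount());
    }
}
```

Note that `final` alone would not protect the array in `WeakRates`: the reference would be fixed but its elements would stay writable, which is why the hardened class uses an unmodifiable `List`.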