CWE-487: Reliance on Package-level Scope

Description

Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE
Extended Description

The purpose of package scope is to prevent accidental access by other parts of a program. This is an ease-of-software-development feature but not a security feature.

Example Vulnerable Codes

Example - 1

The following example demonstrates the weakness.



return ...;public final Static String youAreHidingThisFunction(functionToIntegrate){}package math;public class Lebesgue implements Integration{}

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.

© cvefeed.io
Latest DB Update: Dec. 22, 2024 7:29