CWE-487: Reliance on Package-level Scope

Description

Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE

Extended Description

The purpose of package scope is to prevent accidental access by other parts of a program. This is an ease-of-software-development feature but not a security feature.

Example Vulnerable Codes

Example - 1

The following example demonstrates the weakness.



return ...;public final Static String youAreHidingThisFunction(functionToIntegrate){}package math;public class Lebesgue implements Integration{}

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-664: Improper Control of a Resource Through its Lifetime

Go to

Visit http://cwe.mitre.org/ for more details.