Versions Compared

Comment: REM cost reform

...

The Java language system weakens the accessibility of private members of an outer class when a nested inner class is present, which can result in an information leak.

Rule

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

OBJ08-J

Medium

Probable

No

Medium

No

P8

P4

L2

L3

Automated Detection

Automated detection of nonprivate inner classes that define nonprivate members and constructors that leak private data from the outer class is straightforward.

Tool | Version | Checker | Description
CodeSonar |  | JAVA.CLASS.ICSBS | Inner class should be static
Parasoft Jtest |  | CERT.OBJ08.INNER | Make all member classes "private"
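
The pattern these checkers look for (a nonprivate inner class whose nonprivate member returns private data of the outer class), shown beside a hardened form. This is an added example, not code from the CERT page; the class names Account, SafeAccount and Audit and the sample value are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added example; Account, SafeAccount and Audit are hypothetical names.
public class InnerClassLeak {
    public static void main(String[] args) {
        Account acct = new Account("4921");   // constructed sample value
        // acct.pin does not compile here (private), but the public inner
        // class hands the same field to any caller holding an Account:
        Account.Audit audit = acct.new Audit();
        System.out.println("read through inner class: " + audit.dump());

        SafeAccount safe = new SafeAccount("4921");
        // safe.new Audit() does not compile here: Audit is private.
        System.out.println("verify(0000): " + safe.verify("0000"));
        System.out.println("verify(4921): " + safe.verify("4921"));
    }
}

// Flagged pattern: nonprivate inner class with a nonprivate member that
// returns private data of the outer class.
class Account {
    private final String pin;
    Account(String pin) { this.pin = pin; }

    public class Audit {
        public String dump() { return pin; }   // reads Account.this.pin
    }
}

// Hardened form: the inner class and its members are private, so only
// SafeAccount itself can create or call it.
class SafeAccount {
    private final String pin;
    SafeAccount(String pin) { this.pin = pin; }

    private class Audit {
        private boolean matches(String candidate) {
            return MessageDigest.isEqual(
                pin.getBytes(StandardCharsets.UTF_8),
                candidate.getBytes(StandardCharsets.UTF_8));
        }
    }

    public boolean verify(String candidate) {
        return new Audit().matches(candidate);
    }
}
```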

Related Guidelines

MITRE CWE

CWE-492, Use of Inner Class Containing Sensitive Data

Bibliography

[JLS 2015]

§8.1.3, "Inner Classes and Enclosing Instances"
§8.3, "Field Declarations"

[Long 2005]

Section 2.3, "Inner Classes"

[McGraw 1999]

Securing Java: Getting Down to Business with Mobile Code

...


...