According to the Java Language Specification \[[JLS 2005|AA. Bibliography#JLS 05]\], Section 8.4.8.3, "Requirements in Overriding and Hiding" |
The access modifier of an overriding or hiding method must provide at least as much access as the overridden or hidden method, or a compile-time error occurs.
The following are the allowed accesses:
Recommendation |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
MET17-J |
medium |
probable |
medium |
P8 |
L2 |
Straightforward.
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
MITRE CWE: CWE-487 "Reliance on Package-level Scope"
SCG 2007 Guideline 1-1 Limit the accessibility of classes, interfaces, methods, and fields
\[[JLS 2005|AA. Bibliography#JLS 05]\] [Section 8.4.8.3|http://java.sun.com/docs/books/jls/third_edition/html/classes.html#8.4.8.3], "Requirements in Overriding and Hiding" |
DCL14-J. Minimize the scope of variables DCL15-J. Do not shadow or obscure identifiers in subscopes