CWE-487: Reliance on Package-level Scope
ID
CWE-487
Abstraction
Base
Structure
Simple
Status
Incomplete
Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.
The purpose of package scope is to prevent accidental access by other parts of a program. This is an ease-of-software-development feature but not a security feature.
Modes of Introduction
Phase | Note |
---|---|
Implementation |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | Java |
Loading...