Java Developer Tools

Audit - Rules - Modifier Usage

Description
This group contains audit rules that check your code for incorrect uses of modifiers.

Rules:

Details

Avoid Package Scope

Summary
Only use public, protected or private scopes.

Description
This audit flags all inner classes, constructors, methods, and fields that have a package scope.

Note: non-inner classes and interfaces cannot syntactically be declared protected or private, thus since a non-inner class/ interface isn't more secure if it has package scope instead of a public scope, this audit does not flag interfaces or non-inner classes that have a package scope.

Also note: the resolutions (fixes) for flagged instances of this audit include the insertion of the "public" modifier as well as "private" and "protected" modifiers. However, changing a modifier from package scope to a public scope does not make the code more secure, and is included only because it is expected that the public modifier is used.

Security Implications
Classes, methods and fields with package scope (default scope) can be accessed from all code within the same package, including code written by adversaries.

Example
The following will all be flagged since they all have a package scope: the constructor "Example", the class "InnerClass", the method "some_method", and the integer "x":

    class Example {
        Example(){super();}
        class InnerClass{}
        static void some_method(){/* do nothing */}
        int x;
    }

Class Should Be Final

Authentication required

You need to be signed in with Google+ to do that.

Signing you in...

Google Developers needs your permission to do that.