Audit - Rules - Modifier Usage

This group contains audit rules that check your code for incorrect uses of modifiers.



Avoid Package Scope

Only use public, protected or private scopes.

This audit flags all inner classes, constructors, methods, and fields that have a package scope.

Note: non-inner classes and interfaces cannot syntactically be declared protected or private. Because a non-inner class or interface is not more secure with package scope than with public scope, this audit does not flag interfaces or non-inner classes that have package scope.

Also note: the resolutions (fixes) for flagged instances of this audit include inserting the "public" modifier as well as the "private" and "protected" modifiers. However, changing a modifier from package scope to public scope does not make the code more secure; the public resolution is included only because it is expected that the public modifier is used.

Security Implications
Classes, methods and fields with package scope (default scope) can be accessed from all code within the same package, including code written by adversaries.

The following will all be flagged since they all have a package scope: the constructor "Example", the class "InnerClass", the method "some_method", and the integer "x":

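    class Example {
        Example() {}                                    // package-scope constructor
        class InnerClass {}                             // package-scope inner class
        static void some_method() { /* do nothing */ }  // package-scope method
        int x;                                          // package-scope field
    }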
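
The same check can be approximated at run time with reflection. This is an added example, not part of the original page and not the audit tool's own implementation; the names PackageScopeCheck, isPackageScope and findPackageScopeMembers, and the extra members hidden and api, are hypothetical.

```java
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

public class PackageScopeCheck {
    // Constructed sample: the page's Example plus two members that must not be flagged.
    static class Example {
        Example() {}
        class InnerClass {}
        static void some_method() { /* do nothing */ }
        int x;
        private int hidden;
        public void api() {}
    }

    // Package scope is the absence of public, protected and private.
    static boolean isPackageScope(int mods) {
        return (mods & (Modifier.PUBLIC | Modifier.PROTECTED | Modifier.PRIVATE)) == 0;
    }

    // Lists inner classes, constructors, methods and fields declared with package scope.
    // Compiler-generated (synthetic) members are skipped because no one wrote them.
    static List<String> findPackageScopeMembers(Class<?> type) {
        List<String> findings = new ArrayList<>();
        for (Class<?> inner : type.getDeclaredClasses())
            if (!inner.isSynthetic() && isPackageScope(inner.getModifiers()))
                findings.add("class " + inner.getSimpleName());
        for (Constructor<?> c : type.getDeclaredConstructors())
            if (!c.isSynthetic() && isPackageScope(c.getModifiers()))
                findings.add("constructor " + type.getSimpleName());
        for (Method m : type.getDeclaredMethods())
            if (!m.isSynthetic() && isPackageScope(m.getModifiers()))
                findings.add("method " + m.getName());
        for (Field f : type.getDeclaredFields())
            if (!f.isSynthetic() && isPackageScope(f.getModifiers()))
                findings.add("field " + f.getName());
        return findings;
    }

    public static void main(String[] args) {
        for (String finding : findPackageScopeMembers(Example.class))
            System.out.println("package scope: " + finding);
    }
}
```

Reflection also reports the implicit default constructor of a package-scope class, which a source-level audit may treat differently.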

Class Should Be Final