The static import declaration could be analogous to a normal import declaration. Where the normal import declaration imports classes from packages, allowing them to be used without package qualification, the static import declaration imports static members from classes, allowing them to be used without class qualification.
- Overusing static imports can result in code that is difficult to read and maintain, since readers of the code will not know which class defines a particular static object.
- Allow unqualified access to static members without inheriting from the type containing the static members.
Use static import very sparingly, if at all. It's useful for situations when you need frequent access to a few static objects from one or two classes.
Unauthorized attacker with access to the code.
Expected Remediation Time
⌚ 15 minutes.
Default score using CVSS 3.1. It may change depending on the context of the vulnerability.
- Attack vector: N
- Attack complexity: H
- Privileges required: N
- User interaction: N
- Scope: U
- Confidentiality: N
- Integrity: L
- Availability: N
- Exploit code maturity: P
- Remediation level: O
- Report confidence: R
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:R
- Base: 3.7
- Temporal: 3.2
- Base: Low
- Temporal: Low
Static imports are always used in the application classes and methods
//Code using the imports
Non compliant code
There are static imports used in the application
import static java.lang.System.*;
import static java.lang.Math.*;
import static myPublicClass.*;
//Code that uses the static imports frequently
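The following is an added example, not code from the original page. It shows how on-demand static imports hide which class a call resolves to, next to the class-qualified form. The class `StaticImportDemo` and its methods are hypothetical names chosen for illustration.

```java
import static java.lang.Math.*;     // non-compliant: on-demand static import
import static java.lang.System.*;   // non-compliant: on-demand static import

// Hypothetical class, constructed for this example.
public class StaticImportDemo {

    // A method declared in the class shadows every statically imported
    // method of the same name, so Math.max is no longer reachable
    // through the unqualified name "max" inside this class.
    static int max(int a, int b) {
        return a < b ? a : b; // deliberately different from Math.max
    }

    // Non-compliant style: nothing at the call site says where max and abs
    // come from. A reviewer is likely to assume Math.max, but the call
    // resolves to StaticImportDemo.max; only abs comes from Math.
    static int clampUnqualified(int value, int floor) {
        return max(abs(value), floor);
    }

    // Compliant style: class-qualified access states the defining class
    // and cannot be redirected by a same-named local member.
    static int clampQualified(int value, int floor) {
        return Math.max(Math.abs(value), floor);
    }

    public static void main(String[] args) {
        // "out" is System.out, reachable only through the static import.
        out.println(clampUnqualified(-7, 3));
        // Qualified access to the same field, for comparison.
        System.out.println(clampQualified(-7, 3));
    }
}
```

The two calls print different values for the same arguments, because the unqualified `max` is bound to the local method rather than `Math.max`.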