Inappropriate coding practices - Static Import
Description
The static import declaration is analogous to a normal import declaration. Where the normal import declaration imports classes from packages, allowing them to be used without package qualification, the static import declaration imports static members (fields and methods) from classes, allowing them to be used without class qualification.
Impact
- Overuse of static import can result in code that is difficult to read and maintain, since readers of the code will not know which class defines a particular static member.
- It allows unqualified access to static members without inheriting from the type that contains them.
Recommendation
Use static import very sparingly, if at all. It is useful only when you need frequent access to a few static members from one or two classes.
Threat
Unauthorized attacker with access to the code.
Expected Remediation Time
⌚ 15 minutes.
Score
Default score using CVSS 3.1. It may change depending on the context of the vulnerability.
Base
- Attack vector: N
- Attack complexity: H
- Privileges required: N
- User interaction: N
- Scope: U
- Confidentiality: N
- Integrity: L
- Availability: N
Temporal
- Exploit code maturity: P
- Remediation level: O
- Report confidence: R
Result
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:R
- Score:
  - Base: 3.7
  - Temporal: 3.2
- Severity:
  - Base: Low
  - Temporal: Low
Code Examples
Compliant code
Regular (non-static) imports are used throughout the application's classes and methods; static members are referenced with their class name
import java.util.*;
import com.example.MyPublicClass; // package name assumed for the example
// Code using the imports, e.g. Math.max(a, b) and MyPublicClass.helper()
Non compliant code
Static imports, including wildcard static imports, are used throughout the application
import static java.lang.System.*;
import static java.lang.Math.*;
import static com.example.MyPublicClass.*; // package name assumed for the example
// Code that uses the static imports frequently, e.g. out.println(max(a, b)) and helper()
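The following single-file Java program is an added example, not code from the original page. It contrasts the unqualified style that wildcard static imports permit with the qualified style the recommendation favours, and shows one concrete maintenance hazard: a method declared in the class silently shadows a statically imported method of the same name. The class name StaticImportDemo and the sample inputs are assumed.

```java
// Added example (not from the original page): wildcard static imports versus
// qualified access. Class name and inputs are assumed for illustration.
import static java.lang.Math.*;    // brings max, abs, sqrt, PI, ... into scope unqualified
import static java.lang.System.*;  // brings out, currentTimeMillis, ... into scope unqualified

public class StaticImportDemo {

    // Hard to read: nothing at the call site says where max, abs, sqrt or out
    // come from, so a reader has to scan every import to find the defining class.
    static double unqualified(int a, int b) {
        long start = currentTimeMillis();
        double r = sqrt(abs(max(a, b)));
        out.println("unqualified: " + r + " in " + (currentTimeMillis() - start) + " ms");
        return r;
    }

    // Same computation with the defining class stated at each use; the static
    // imports above are not needed for this method to compile.
    static double qualified(int a, int b) {
        long start = System.currentTimeMillis();
        double r = Math.sqrt(Math.abs(Math.max(a, b)));
        System.out.println("qualified: " + r + " in " + (System.currentTimeMillis() - start) + " ms");
        return r;
    }

    // A method declared here shadows the statically imported Math.max within this
    // class (JLS 6.4.1): unqualified max(...) above now calls this method, not Math.max.
    // Deliberately returns the smaller value to make the silent change visible.
    static int max(int a, int b) {
        return a < b ? a : b;
    }

    public static void main(String[] args) {
        unqualified(3, 9); // resolves to StaticImportDemo.max -> sqrt(3) = 1.73...
        qualified(3, 9);   // resolves to Math.max              -> sqrt(9) = 3.0
    }
}
```

Compile and run with `javac StaticImportDemo.java && java StaticImportDemo`. The two methods look equivalent, yet they print different results: the unqualified call picked up the local `max` because a declaration inside the class takes precedence over a static-import-on-demand. With qualified access the defining class is visible at the call site and the shadowing cannot happen, which is the readability and maintenance point behind the recommendation. If a class genuinely needs one or two static members very often, import them by name (for example `import static java.lang.Math.PI;`) rather than with `*`.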