Inappropriate coding practices - Static Import
Description
The static import declaration is analogous to the normal import declaration. Where the normal import declaration imports classes from packages, allowing them to be used without package qualification, the static import declaration imports static members from classes, allowing them to be used without class qualification.
Impact
- Overusing static import can result in code that is difficult to read and maintain, since readers of the code will not know which class defines a particular static object.
- Allow unqualified access to static members without inheriting from the type containing the static members.
Recommendation
Use static import very sparingly, if at all. It's useful for situations when you need frequent access to a few static objects from one or two classes.
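The following is an added example, not code from this page or from any project it describes. It shows why an unqualified call is hard to review: a member inherited from a superclass shadows the statically imported method of the same name (JLS 6.4.1), so the call that looks like a JDK null check is not one. The classes BaseHandler, UnqualifiedHandler and QualifiedHandler are hypothetical.

```java
import static java.util.Objects.requireNonNull; // the static import under review

public class StaticImportDemo {

    // Hypothetical shared base class. Assume a later release adds a lenient
    // helper that happens to reuse the name of the JDK method.
    static class BaseHandler {
        static <T> T requireNonNull(T value) {
            return value; // no null check is performed
        }
    }

    // Unqualified call: the inherited member takes precedence over the
    // static import, so Objects.requireNonNull is never invoked here.
    static class UnqualifiedHandler extends BaseHandler {
        String normalize(String user) {
            requireNonNull(user); // reads like the JDK check, is BaseHandler's
            return String.valueOf(user).trim();
        }
    }

    // Qualified call: the defining class is visible at the call site and
    // cannot be replaced by a member added to a superclass.
    static class QualifiedHandler extends BaseHandler {
        String normalize(String user) {
            java.util.Objects.requireNonNull(user, "user must not be null");
            return user.trim();
        }
    }

    public static void main(String[] args) {
        // The unqualified version accepts null and keeps going.
        String leaked = new UnqualifiedHandler().normalize(null);
        System.out.println("unqualified accepted null, returned: " + leaked);

        // The qualified version rejects null as the author intended.
        try {
            new QualifiedHandler().normalize(null);
            System.out.println("qualified accepted null");
        } catch (NullPointerException e) {
            System.out.println("qualified rejected null: " + e.getMessage());
        }
    }
}
```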
Threat
Unauthorized attacker with access to the code.
Expected Remediation Time
⌚ minutes.
Score
Default score using CVSS 3.1. It may change depending on the context of the src.
Base
- Attack vector: N
- Attack complexity: H
- Privileges required: N
- User interaction: N
- Scope: U
- Confidentiality: N
- Integrity: L
- Availability: N
Temporal
- Exploit code maturity: P
- Remediation level: O
- Report confidence: R
Result
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:R
- Score:
  - Base: 3.7
  - Temporal: 3.2
- Severity:
  - Base: Low
  - Temporal: Low
Requirements
Fixes