Inappropriate coding practices - Static Import

Description

The static import declaration is analogous to a normal import declaration: where the normal import declaration imports classes from packages, allowing them to be used without package qualification, the static import declaration imports static members from classes, allowing them to be used without class qualification.

Impact

  • Overuse of static import can result in code that is difficult to read and maintain, since readers of the code will not know which class defines a particular static object.
  • It allows unqualified access to static members without inheriting from the type containing the static members.

Recommendation

Use static import very sparingly, if at all. It is useful for situations when you need frequent access to a few static objects from one or two classes.
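As an added illustration, not part of the original page, the following Java file contrasts single-member static imports (the sparing use recommended above) with on-demand wildcard static imports that hide which class a member comes from. The package name, the classes `Limits`, `Quotas` and `StaticImportExample`, and the timeout values are all constructed for this example.

```java
// Added example (not from the page). Limits and Quotas are constructed classes
// that both define TIMEOUT_MS, to show why unqualified access hides the origin.
package example.imports;

// Single-member static imports: the import list documents exactly which
// members are in scope unqualified, and from which class.
import static java.lang.Math.max;
import static java.lang.Math.min;

import java.util.List;

final class Limits {
    static final int TIMEOUT_MS = 5_000;   // constructed value
    private Limits() {}
}

final class Quotas {
    static final int TIMEOUT_MS = 30_000;  // constructed value
    private Quotas() {}
}

public class StaticImportExample {

    // Discouraged pattern, shown only in a comment because it does not compile:
    //   import static example.imports.Limits.*;
    //   import static example.imports.Quotas.*;
    //   int t = TIMEOUT_MS;   // error: reference to TIMEOUT_MS is ambiguous
    // Even with a single class wildcard-imported, a reader of a bare
    // TIMEOUT_MS cannot tell from this file which class supplies the value.

    // Recommended: qualify members that come from several classes, so the
    // origin is visible at the use site. max/min resolve to java.lang.Math
    // through the single-member imports above; no other max/min is in scope.
    static int effectiveTimeout(List<Integer> requestedMs) {
        int requested = requestedMs.stream()
                .mapToInt(Integer::intValue)
                .max()
                .orElse(0);
        // Clamp the requested timeout between the two clearly-attributed bounds.
        return max(Limits.TIMEOUT_MS, min(requested, Quotas.TIMEOUT_MS));
    }

    public static void main(String[] args) {
        System.out.println(effectiveTimeout(List.of(1_000, 12_000)));
    }
}
```

Compile and run with `javac -d out StaticImportExample.java && java -cp out example.imports.StaticImportExample`. Uncommenting the two wildcard imports and the bare `TIMEOUT_MS` reproduces the ambiguity error, which is the compile-time form of the readability problem described under Impact.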

Threat

Unauthorized attacker with access to the code.

Expected Remediation Time

⌚ minutes.

Score

Default score using CVSS 3.1. It may change depending on the context of the source code.

Base

  • Attack vector: N
  • Attack complexity: H
  • Privileges required: N
  • User interaction: N
  • Scope: U
  • Confidentiality: N
  • Integrity: L
  • Availability: N

Temporal

  • Exploit code maturity: P
  • Remediation level: O
  • Report confidence: R

Result

  • Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:R
  • Score:
    • Base: 3.7
    • Temporal: 3.2
  • Severity:
    • Base: Low
    • Temporal: Low

Requirements

Fixes
