Critical Question

Reasons Causing Vulnerabilities

Suggested Solutions


Classes are public

The product should make all classes package-private, since they are in the same package (M3Application) and not served as an API or interface for external classes.


Methods are public

This implementation is not appropriate. Methods in the product should obtain at least default access modifier privilege. Most of them should be in private access modifier privilege, since they are used internally.


Variables are public

Variables should limit the accessibility. In this product, most variable should be in private access modifier privilege.


Resource is not proper closed

This product should use try-with-resources statement to ensure each resource is closed at the end of the statement.


More than one resource operations in the try-catch-finally block

Since several exceptions may be thrown, some exceptions will be masked.


Static variables

Since other classes in the same scope may be able to access and modify a static variable, this variable should better be claimed as final static.


Inner class

Since there are some security issues related to inner class. It is better to move inner classes to outer classes.


Sensitive information

Use Java security APIs to handle sensitive information.