SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 105

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 106

changes.mady.by.user Michal Rozenau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft Jtest 2020.2

...

Failure to define wrappers around native methods can allow unprivileged callers to invoke them and exploit inherent vulnerabilities such as buffer overflows in native libraries.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

JNI00-J

Medium

Probable

High

P4

L3

Automated Detection

Automated detection is not feasible in the fully general case. However, an approach similar to Design Fragments [Fairbanks 2007] could assist both programmers and static analysis tools.

ToolVersionCheckerDescription
Parasoft Jtest
Include Page
java:
Parasoft_V
java:
Parasoft_V
SECURITY.IBA.NATIW
Implemented
Use wrapper methods to secure native methods

Related Guidelines

MITRE CWE

CWE-111, Direct Use of Unsafe JNI

Secure Coding Guidelines for Java SE, Version 5.0

Guideline 5-3 / INPUT-3: Define wrappers around native methods

Bibliography

[Fairbanks 2007]

 


[JNI 2006]

 


[Liang 1997]

 


[Macgregor 1998]

Section 2.2.3, "Interfaces and Architectures"

...


...