...
Compliant Solution
This compliant solution hard-codes the name of the library to prevent the possibility of tainted values. It also reduces the accessibility of method `load()` from `public` to `private`. Consequently, untrusted callers are prohibited from loading the `awt` library.
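```java
import java.security.AccessController;
import java.security.PrivilegedAction;

// private: untrusted callers cannot invoke this method directly
private void load() {
  AccessController.doPrivileged(new PrivilegedAction<Void>() {
    @Override
    public Void run() {
      // Library name is a hard-coded constant, never a caller-supplied value
      System.loadLibrary("awt");
      return null;
    }
  });
}
```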
...