...
This noncompliant code example accepts a tainted path or file name as an argument. An attacker can access a protected file by supplying it's its pathname as an argument to this method.
...
This compliant solution invokes the cleanAFilenameAndPath()) sanitization method to disallow malicious inputs. Successful operation of the sanitization method indicates that the input is acceptable , and the doPrivileged block can be executed.
...
Related Guidelines
CWE ID -266, "Incorrect Privilege Assignment" | |
| CWE ID -272, "Least Privilege Violation" |
| CWE ID -732, "Incorrect Permission Assignment for Critical Resource" |
Secure Coding Guidelines for the Java Programming Language, Version 3.0 | Guideline 6-2 Safely invoke java.security.AccessController.doPrivileged |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1dd566093a6cb0ed-8bf9bcd7-4e354330-a5c89866-a779b8e3056f302c0ab0605e"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | [method doPrivileged() | http://java.sun.com/javase/6/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction)] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="bbb5a56b0c443fee-bd661e9d-492a4178-a0518f6c-9e9822537ff8e3ffee6299fe"><ac:plain-text-body><![CDATA[ | [[Gong 2003 | AA. Bibliography#Gong 03]] | Sections 6.4, "AccessController" | ]]></ac:plain-text-body></ac:structured-macro> | |
| 9.5 "Privileged Code" | ||||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="58981a5a2326bb89-32856090-468943e9-baa1aff1-61ce4cdfd22877586b67a982"><ac:plain-text-body><![CDATA[ | [[Jovanovic 2006 | AA. Bibliography#Jovanovic 06]] | "Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities" | ]]></ac:plain-text-body></ac:structured-macro> |
...