...
Tools that support taint analysis can provide assurance of code usage that is substantially similar to the first compliant solution. Typical taint analyses assume that one or more methods exist that can "clean" potentially tainted inputs, returning untainted outputs (or appropriate errors). The taint analysis then ensures that only untainted data is used inside the doPrivileged block. Note that the static analysis must necessarily assume that the cleaning methods are always successful; in reality this may not be the case, so the analysis is only as sound as the sanitizers it is told to trust.
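As an added illustration (not one of the rule's own compliant solutions), this is the shape such a taint analysis looks for: a whitelist "cleaning" method whose result is the only caller-derived value captured by the privileged action. PrivilegedFileReader, BASE_DIR, SAFE_NAME and the directory path are hypothetical names chosen for the example.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.regex.Pattern;

public final class PrivilegedFileReader {
    // Hypothetical library-private directory; only plain files directly inside it may be opened.
    private static final File BASE_DIR = new File("/opt/app/data");
    // Whitelist: letters, digits, '_' or '-' plus a fixed extension, so no path separators get through.
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9_-]{1,64}\\.txt");

    // The "cleaning" method a taint analysis is configured to trust: anything not matching the
    // whitelist is rejected with an error, so the return value is untainted by construction.
    static String sanitizeName(String tainted) {
        if (tainted == null || !SAFE_NAME.matcher(tainted).matches()) {
            throw new IllegalArgumentException("rejected file name");
        }
        return tainted;
    }

    // Only the sanitized value is captured by the privileged action; raw caller input never is.
    public static InputStream open(String untrustedName) throws FileNotFoundException {
        final String clean = sanitizeName(untrustedName);
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<InputStream>) () ->
                    new FileInputStream(new File(BASE_DIR, clean)));
        } catch (PrivilegedActionException e) {
            // doPrivileged wraps only checked exceptions; FileInputStream declares FileNotFoundException.
            Exception cause = e.getException();
            if (cause instanceof FileNotFoundException) {
                throw (FileNotFoundException) cause;
            }
            throw new IllegalStateException(cause);
        }
    }

    public static void main(String[] args) {
        System.out.println(sanitizeName("report-2024.txt")); // accepted: still a plain name
        try {
            sanitizeName("../other.txt"); // rejected: taint is never removed, so open() never reaches doPrivileged
        } catch (IllegalArgumentException expected) {
            System.out.println("rejected as expected");
        }
    }
}
```

AccessController and doPrivileged are deprecated for removal since Java 17, but the sanitize-then-privilege shape is what a taint analysis checks regardless of the privilege API in use.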
Related Vulnerabilities
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| CWE ID 266, "Incorrect Privilege Assignment" |
| CWE ID 272, "Least Privilege Violation" |
| CWE ID 732, "Incorrect Permission Assignment for Critical Resource" |
| Guideline 6-2, "Safely invoke java.security.AccessController.doPrivileged" |
...
...