The permission java.security.AllPermission implies all permissions and grants all possible permissions to code. This facility was included for routine testing purposes to make it less cumbersome to deal with a multitude of permissions or and for use when the code is completely trusted. Code is typically granted AllPermission using the security policy file but it is also possible to associate AllPermission with a ProtectionDomain, programatically. This permission is dangerous in production environments and must never be granted to untrusted code.
...
Granting AllPermission to untrusted code allows it to perform arbitrary privileged operations.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
ENV31- J | high | likely | low | P27 | L1 |
...