SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 82

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 83

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#FFcccc
protected PermissionCollection getPermissions(CodeSource cs) {
  PermissionCollection pc = new Permissions();
  // allowAllow exit from the VM anytime
  pc.add(new RuntimePermission("exitVM"));
  return pc;
}

...

In this compliant solution, the getPermissions() method calls super.getPermissions(). As a result, the default systemwide security policy is applied , in addition to the custom policy.

Code Block
bgColor#ccccff
protected PermissionCollection getPermissions(CodeSource cs) {
  PermissionCollection pc = super.getPermissions(cs);
  // allowAllow exit from the VM anytime
  pc.add(new RuntimePermission("exitVM"));
  return pc;
}

...

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SEC07-J

High

Probable

Low

P18

L1

Automated Detection

Violations of this rule can be discovered with a heuristic checker in the style of FindBugs. As with all heuristic checks, achieving a low false-positive rate is essential.

...

The java.security package exists on Android for compatibility purposes only, and it should not be used.

Bibliography

[API 20062014]

Class ClassLoader

[Oaks 2001]

 

[Security 2006]

 

...