...
The APIs tabulated here perform tasks using the immediate caller's class loader. They can be exploited if (1) they are invoked indirectly by untrusted code, through a trusted intermediary, and (2) they accept tainted inputs from that untrusted code.
| APIs |
|---|
| java.lang.Class.forName |
| java.lang.Package.getPackage(s) |
| java.lang.Runtime.load |
| java.lang.Runtime.loadLibrary |
| java.lang.System.load |
| java.lang.System.loadLibrary |
| java.sql.DriverManager.getConnection |
| java.sql.DriverManager.getDriver(s) |
| java.sql.DriverManager.deregisterDriver |
| java.util.ResourceBundle.getBundle |
Noncompliant Code Example
...