...
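```java
class NativeCode {
  public native void loadLib();

  static {
    try {
      // System.load takes an absolute path; System.loadLibrary accepts only a bare library name
      System.load("/com/foo/MyLib.so");
    } catch (UnsatisfiedLinkError e) {
      e.getMessage(); // the message is discarded
    }
  }
}

class Untrusted {
  public static void untrustedCode() {
    // untrusted code reaches the native method directly
    new NativeCode().loadLib();
  }
}
```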
...
```java
// requires java.security.AccessController and java.security.PrivilegedAction
AccessController.doPrivileged(new PrivilegedAction<Object>() {
  public Object run() {
    System.loadLibrary("awt");
    return null;
  }
});
```
Non-native library code can also be susceptible to related security flaws. Loading a safe non-native library may not, by itself, expose a vulnerability, but once an unsafe library has been loaded, an attacker can easily exploit it if it contains other vulnerabilities. Moreover, non-native libraries often make use of doPrivileged blocks, making them a lucrative target.
...
```java
Class<?> c = Class.forName("Foo"); // explicitly hardcode the class name
```
...
```java
private Class doLogic() throws ClassNotFoundException {
  ClassLoader myLoader = new myClassLoader();
  Class myClass = myLoader.loadClass("MyClass");
  return myClass; // returns Class instance to untrusted code
}
```
...
```java
private void doLogic() throws ClassNotFoundException {
  ClassLoader myLoader = new myClassLoader();
  Class myClass = myLoader.loadClass("MyClass");
  // do what is required here itself; do not return myClass
}
```
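The two rules in the fragments above (hardcode the class name, and do not hand the loaded Class back to the caller) combined for the case where the implementation must be selected at run time; this goes beyond the page's single hardcoded literal. It is an added example, not code from the original page, and AllowlistedLoader, dedupe and the sample names are assumptions.

```java
import java.util.Collection;
import java.util.List;
import java.util.Set;

// Added illustration; AllowlistedLoader and its method names are hypothetical.
public final class AllowlistedLoader {

    // Fixed at compile time: the only names that may ever reach Class.forName.
    private static final Set<String> ALLOWED = Set.of(
        "java.util.TreeSet",
        "java.util.LinkedHashSet");

    private AllowlistedLoader() { }

    /**
     * Deduplicates items with the requested Set implementation. The Class
     * object and the instance stay inside this method; callers receive a copy.
     */
    public static List<String> dedupe(String implName, Collection<String> items)
            throws ReflectiveOperationException {
        // Immutable sets reject null lookups, so test for null first.
        if (implName == null || !ALLOWED.contains(implName)) {
            throw new SecurityException("class name not in allowlist");
        }
        // Resolve through this class's own loader, not the caller's.
        Class<?> cls = Class.forName(implName, true,
                AllowlistedLoader.class.getClassLoader());
        @SuppressWarnings("unchecked")
        Set<String> set = (Set<String>) cls.asSubclass(Set.class)
                .getDeclaredConstructor().newInstance();
        set.addAll(items);
        return List.copyOf(set);
    }

    public static void main(String[] args) throws Exception {
        List<String> input = List.of("b", "a", "b"); // constructed sample input
        System.out.println(dedupe("java.util.TreeSet", input));
        try {
            dedupe("com.example.Untrusted", input); // constructed untrusted name
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```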
...