...
This noncompliant code example accepts a tainted filename argument. An attacker can supply the pathname path name of a sensitive password file, thus consequently allowing an unprivileged user to access a protected file.
...
Tools that support Taint Analysis enable code usage that is substantially similar to the Noncompliant Code Example. Typical taint analysis assumes that a method or methods exist(s) that can "clean" potentially tainted inputs, providing untainted outputs (or appropriate errors). The taint analysis then ensures that only untainted data is used inside the doPrivileged block. Note that the static analyses analysis necessarily assume that the cleaning methods are always successful; in reality this may varynot be the case.
Because the annotations used by the analysis tools vary, we present a notional example here.
...