Comment: to be continued...

Application code that calls security-sensitive methods must validate the arguments it passes to them. In particular, certain security-sensitive methods may interpret null values as benign, and a null argument may override default settings. Although security-critical methods must be coded defensively in the first place, sometimes the onus is on the client code to validate and provide the arguments. Failure to do so can result in privilege escalation and execution of arbitrary code.

Noncompliant Code Example

This noncompliant code example shows the two-argument doPrivileged() method, which takes an access control context as its second argument. The construct allows changing privileges to those of a previously saved context.

  • Stuff about doPrivileged and passing null as second option
  • System.setSecurityManager(null);

Failing to check the access control context for null causes issues that can lead to compromise.

Code Block
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
                public Void run() {
                    // ...
                    return null;
                }
            }, acc); // acc is passed without a null check

 

Compliant Solution

A null access control context means that the privileges are not reduced to those of the previously saved context.

This compliant solution...

Code Block
        // Reject a missing context before it reaches doPrivileged()
        if (acc == null) {
            throw new SecurityException("Missing AccessControlContext");
        }
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
                public Void run() {
                    // ...
                    return null;
                }
            }, acc);
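
The following added example (not part of the original page) applies the null check once, when the context is saved, and shows a restricted saved context denying a permission check made inside the privileged action. The class name RestrictedRunner and the empty-permission context are constructed for illustration; the java.security calls are the standard API, deprecated for removal since Java 17.

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;

// Hypothetical wrapper (not from the original page): rejects a null context
// once, at construction, so no later doPrivileged() call can receive null.
public final class RestrictedRunner {
    private final AccessControlContext acc;

    public RestrictedRunner(AccessControlContext acc) {
        if (acc == null) {
            throw new SecurityException("Missing AccessControlContext");
        }
        this.acc = acc;
    }

    // Runs the action with privileges limited by the saved context.
    public <T> T run(PrivilegedAction<T> action) {
        return AccessController.doPrivileged(action, acc);
    }

    public static void main(String[] args) {
        // Constructed sample context: one protection domain with no permissions.
        ProtectionDomain noPerms = new ProtectionDomain(null, new Permissions());
        AccessControlContext restricted =
                new AccessControlContext(new ProtectionDomain[] { noPerms });

        RestrictedRunner runner = new RestrictedRunner(restricted);
        try {
            runner.run(() -> {
                // The check is evaluated against the saved context as well.
                AccessController.checkPermission(
                        new RuntimePermission("setSecurityManager"));
                return null;
            });
        } catch (AccessControlException e) {
            System.out.println("Denied by saved context: " + e.getMessage());
        }
        try {
            new RestrictedRunner(null); // null never reaches doPrivileged()
        } catch (SecurityException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```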

Noncompliant Code Example

This noncompliant code example ...

Code Block
 System.setSecurityManager(null);

Compliant Solution 

This compliant solution ...

Code Block
System.setSecurityManager(new SecurityManager());

Applicability

 

Bibliography

 

...
