...
In this noncompliant code example a call to System.loadLibrary() is embedded in a doPrivileged block. An unprivileged caller can maliciously invoke this piece of code using the same technique as above, because the doPrivileged block allows the security manager checks that would normally be applied to callers further up the execution chain to be forgone.
```java
public void load(String libName) {
  AccessController.doPrivileged(new PrivilegedAction() {
    public Object run() {
      System.loadLibrary(libName);
      return null;
    }
  });
}
```
...
```java
private void getConnection() {
  // ...
  conn = DriverManager.getConnection(url, username, password);
  // Do what is required here itself; do not return the connection
}

public void DoDatabaseOperationWrapper() {
  // Perform any checks or validate input
  getConnection();
}
```
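The same pattern applied to the loadLibrary() case from the noncompliant example above, as an added illustration that is not part of the original rule text: the library name is a fixed constant rather than a caller-supplied parameter, the privileged block lives in a private method, and the public entry point performs the loadLibrary permission check against the caller's own context before entering the privileged block. The class name NativeLoader and the library name "awt" are assumed placeholders.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

public final class NativeLoader {
    // Constructed example: the name is a compile-time constant, so no
    // untrusted caller can steer which native library gets loaded.
    private static final String LIB_NAME = "awt"; // placeholder library name

    // Private: untrusted code cannot reach the privileged block directly.
    private static void loadFixedLibrary() {
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                System.loadLibrary(LIB_NAME);
                return null;
            }
        });
    }

    // Public entry point: re-applies the check that the privileged block
    // would otherwise bypass, using the permission System.loadLibrary()
    // itself requires, and exposes no parameter to the caller.
    public static void init() {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(new RuntimePermission("loadLibrary." + LIB_NAME));
        }
        loadFixedLibrary();
    }

    private NativeLoader() {}
}
```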
Exceptions
SEC53-EX1EX0: It is permissible to use APIs that do not use the immediate caller's class loader instance. For example, the three-argument java.lang.Class.forName()
method requires an explicit argument that specifies the class loader instance to use. Do not use the immediate caller's class loader as the third argument if instances must be returned to untrusted code.
...