Do not operate on unvalidated or untrusted data (also known as tainted data) in a doPrivileged() block. An attacker can supply malicious input that could result in privilege escalation attacks. Appropriate mitigations include hard-coding values rather than accepting arguments (when appropriate), or validating or sanitizing the data before it reaches the privileged operations.
This rule concerns untrusted information entering a doPrivileged() block. For prevention of sensitive information escaping from a doPrivileged() block, see SEC02-J. Do not allow doPrivileged() blocks to leak sensitive information outside a trust boundary.
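The following is an added illustration of the rule, not code from the CERT page: a library method that reads a configuration file inside a privileged block. The first version passes a caller-supplied name straight into doPrivileged(); the second validates the name against a fixed allowlist and resolves it to a canonical path before the privileged block runs. The class name, the allowlist contents and the CONFIG_DIR location are assumptions made for the example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Set;

// Added example (not from the CERT page): a library method that reads a
// configuration file on behalf of less-privileged calling code.
public final class PrivilegedReadExample {

    // Constructed allowlist of configuration names this library is willing to serve.
    private static final Set<String> ALLOWED = Set.of("app.properties", "logging.properties");
    // Assumed configuration directory for the example.
    private static final Path CONFIG_DIR = Paths.get("/etc/myapp");

    // Noncompliant: 'name' is tainted (it comes straight from the caller) and is
    // used inside the privileged block. A caller without file permission can
    // supply a name such as "../outside.txt" and the read still happens with the
    // library's own permissions.
    public static String readConfigUnsafe(final String name) {
        return AccessController.doPrivileged((PrivilegedAction<String>) () -> {
            try {
                return Files.readString(CONFIG_DIR.resolve(name));
            } catch (IOException e) {
                return null;
            }
        });
    }

    // Compliant: validate the tainted value against a fixed allowlist and resolve
    // it to a normalized path *before* entering the privileged block, so the block
    // only ever operates on a value the library itself chose.
    public static String readConfigSafe(final String name) {
        if (!ALLOWED.contains(name)) {
            throw new IllegalArgumentException("unknown configuration: " + name);
        }
        final Path target = CONFIG_DIR.resolve(name).normalize();
        // Defence in depth: even an allowlisted name must stay inside CONFIG_DIR.
        if (!target.startsWith(CONFIG_DIR)) {
            throw new IllegalArgumentException("path escapes configuration directory");
        }
        return AccessController.doPrivileged((PrivilegedAction<String>) () -> {
            try {
                return Files.readString(target);
            } catch (IOException e) {
                return null;
            }
        });
    }

    public static void main(String[] args) {
        System.out.println(readConfigSafe("app.properties") != null ? "read ok" : "not found");
        try {
            readConfigSafe("../outside.txt");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The key design point is that every decision about what the privileged block will touch is made outside it, on data the library controls: the allowlist check and the normalize()/startsWith() check both run before doPrivileged() is entered, and the lambda captures only the already-validated target path. Note that AccessController and the security manager are deprecated for removal in recent JDKs, but the same principle applies to any code that performs an operation with more authority than its caller.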
Noncompliant Code Example
...