...

public static void loadLibrary() {
  // The name is fixed by this trusted code, so no caller-supplied value reaches
  // System.loadLibrary(), which resolves it via the immediate caller's class loader.
  // loadLibrary() takes a bare name (libHardcodedLib.so, found on java.library.path), not a path;
  // a name containing a directory separator is rejected with UnsatisfiedLinkError.
  System.loadLibrary("HardcodedLib");
}

Risk Assessment

Allowing untrusted code to load libraries using the immediate caller's (trusted) class loader, for example by passing a library name to a trusted method that calls System.loadLibrary(), may seriously compromise the security of a Java application.
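To make the risk concrete, here is an added example that is not part of the original page or the CERT rule text: a hypothetical trusted helper class, NativeLoader, with a noncompliant method that loads whatever library name its caller supplies, next to a compliant one that only loads names the trusted code itself chose. The class and method names, the library name "HardcodedLib", and the attacker inputs in main() are assumptions made for this illustration (Set.of needs Java 9 or later).

```java
import java.util.Set;

// Trusted helper that loads native libraries on behalf of callers.
// Hypothetical class written for this example; not from the CERT page.
public final class NativeLoader {

  // Noncompliant: the name comes from the (possibly untrusted) caller, but
  // System.loadLibrary() resolves it through the immediate caller's class
  // loader, i.e. NativeLoader's trusted loader. The library is linked into
  // that loader and its JNI_OnLoad runs as native code, so untrusted code
  // gets arbitrary native code loaded under trusted code's identity.
  public static void loadLibraryUnsafe(String callerSuppliedName) {
    System.loadLibrary(callerSuppliedName);
  }

  // Compliant: only names this trusted class itself knows can be loaded; the
  // caller selects an entry, it never supplies a name or a path.
  private static final Set<String> ALLOWED = Set.of("HardcodedLib");

  public static void loadLibrarySafe(String name) {
    if (!ALLOWED.contains(name)) {
      throw new IllegalArgumentException("library not permitted: " + name);
    }
    System.loadLibrary(name); // bare name, resolved via java.library.path
  }

  public static void main(String[] args) {
    // Constructed attacker inputs: a library the attacker dropped somewhere
    // on java.library.path, and a path-like name.
    for (String attackerInput : new String[] {"evil", "../tmp/evil"}) {
      try {
        loadLibrarySafe(attackerInput);
      } catch (IllegalArgumentException e) {
        System.out.println("rejected: " + e.getMessage());
      }
    }
    try {
      loadLibrarySafe("HardcodedLib");
      System.out.println("HardcodedLib loaded");
    } catch (UnsatisfiedLinkError e) {
      // Expected on a machine without libHardcodedLib: the name passed the
      // allowlist and the real System.loadLibrary() call was attempted.
      System.out.println("allowlisted, but native library absent: " + e.getMessage());
    }
  }
}
```

Run with `javac NativeLoader.java && java NativeLoader`: both attacker inputs are rejected before System.loadLibrary() is reached, while the allowlisted name gets through and, on a machine without libHardcodedLib on java.library.path, ends in UnsatisfiedLinkError, which shows the real call was made. The allowlist is the point: the decision of which native code is linked into the trusted class loader stays with the trusted code, rather than being delegated to whoever calls the helper.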

Rule      Severity       Likelihood   Remediation Cost   Priority   Level
SEC03-J   ?? medium ??   probable     ?? high            P??        L??

Automated Detection

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[SCG 07] Sun Secure Coding Guidelines, Guideline 6-3: Safely invoke standard APIs that perform tasks using the immediate caller's class loader instance