...
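```java
class NativeCode {
  public native void loadLib();

  static {
    try {
      // System.loadLibrary takes a bare library name, not a file path
      System.loadLibrary("MyLib");
    } catch (UnsatisfiedLinkError e) {
      System.err.println(e.getMessage());
    }
  }
}

class Untrusted {
  public static void untrustedCode() {
    // Triggers NativeCode's static initializer, which loads the library
    new NativeCode().loadLib();
  }
}
```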
Sometimes, a call to `System.loadLibrary` is embedded in a `doPrivileged` block, as shown below. An unprivileged caller can maliciously invoke this piece of code.
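```java
// Requires java.security.AccessController and java.security.PrivilegedAction
AccessController.doPrivileged(new PrivilegedAction<Void>() {
  public Void run() {
    // Runs with the privileges of the enclosing class, not those of its caller
    System.loadLibrary("awt");
    return null;
  }
});
```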
Noncompliant Code Example
The single-argument `Class.forName` method is another example of an API that uses its immediate caller's class loader to load a desired class. Untrusted code can indirectly abuse this API.
```java
Class c = Class.forName(className);
```
Compliant Solution
Ensure that untrusted code cannot invoke the affected APIs directly or indirectly (that is, via a call to an invoking method). Do not operate on tainted inputs and make sure that internal objects are not returned to untrusted code.
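One way to apply this guidance to the `Class.forName` case, as an added example that is not code from the original page. The class `PluginFactory`, its allowlist and its method names are hypothetical, and `Set.of` assumes Java 9 or later.

```java
import java.util.List;
import java.util.Set;

// Added example; PluginFactory, ALLOWED, load and create are hypothetical names.
public final class PluginFactory {
    // Fixed allowlist: caller input only selects an entry from this set.
    private static final Set<String> ALLOWED =
            Set.of("java.util.ArrayList", "java.util.LinkedList");

    private PluginFactory() { }

    // Private, so no other class can reach the class-loading call directly.
    private static Class<?> load(String className) throws ClassNotFoundException {
        if (className == null || !ALLOWED.contains(className)) {
            throw new SecurityException("class not permitted: " + className);
        }
        // Three-argument form: the loader is named explicitly rather than taken
        // from the immediate caller, and the class is not initialized at load time.
        return Class.forName(className, false, PluginFactory.class.getClassLoader());
    }

    // Public entry point: returns an instance typed as List, never the Class
    // object or the class loader.
    public static List<?> create(String className) throws ReflectiveOperationException {
        return load(className).asSubclass(List.class)
                .getDeclaredConstructor().newInstance();
    }

    public static void main(String[] args) throws Exception {
        System.out.println(create("java.util.ArrayList").getClass().getName());
        try {
            create("java.lang.Runtime"); // not on the allowlist
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```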
...