...
An attacker can provide an implementation of class RetValue so that the privileged code uses an incorrect return value. Even though class MixMatch consists only of trusted, signed code, an attacker can still cause this behavior by maliciously deploying a legally signed JAR file containing the untrusted RetValue class.
This example comes close to violating "SEC03-J. Do not allow tainted variables in doPrivileged blocks" but does not do so. Instead, it allows potentially tainted code in its doPrivileged() block, which is a similar problem.
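As an added illustration (not part of the original rule text and not its prescribed remedy), the following Java code shows a runtime check that privileged code such as MixMatch could apply to RetValue.class before relying on it: both classes must come from the same location and carry the same non-empty set of signer certificates. The names OriginCheck and sameSignedOrigin are hypothetical.

```java
import java.net.URL;
import java.security.CodeSource;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.HashSet;

// Hypothetical helper, not from the original page.
public final class OriginCheck {

  // Returns true only when both classes were loaded from the same location
  // and that location is signed by the same, non-empty set of certificates.
  // Under a security manager the caller needs
  // RuntimePermission("getProtectionDomain").
  static boolean sameSignedOrigin(Class<?> trusted, Class<?> other) {
    CodeSource a = trusted.getProtectionDomain().getCodeSource();
    CodeSource b = other.getProtectionDomain().getCodeSource();
    if (a == null || b == null) {
      return false; // typically bootstrap classes have no CodeSource
    }
    URL la = a.getLocation();
    URL lb = b.getLocation();
    // Compare the string form; URL.equals() may perform name resolution.
    if (la == null || lb == null
        || !la.toExternalForm().equals(lb.toExternalForm())) {
      return false; // loaded from a different JAR or directory
    }
    Certificate[] ca = a.getCertificates();
    Certificate[] cb = b.getCertificates();
    if (ca == null || cb == null || ca.length == 0) {
      return false; // unsigned code is never accepted
    }
    return new HashSet<>(Arrays.asList(ca))
        .equals(new HashSet<>(Arrays.asList(cb)));
  }

  public static void main(String[] args) {
    // Constructed demonstration: String is a bootstrap class, so it can
    // never share a signed origin with application code.
    System.out.println(sameSignedOrigin(OriginCheck.class, String.class));
    // Same class on both sides: true only when this class was loaded
    // from a signed JAR.
    System.out.println(sameSignedOrigin(OriginCheck.class, OriginCheck.class));
  }
}
```

A validly signed JAR from a different location fails the location comparison even when its signature verifies, which is the case the paragraph above describes.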
Noncompliant Code Example (security-sensitive code)
...