Security checks based on untrusted sources can be bypassed. The untrusted object or parameter must be defensively copied before the security check is performed, and the copy must be a deep copy: the implementation of the clone() method may produce only a shallow copy, which can still be compromised, and the clone() method itself may be provided by the attacker. See OBJ06-J. Defensively copy mutable inputs and mutable internal components for more information.
Noncompliant Code Example (JDK 5.0 java.io.File)
...
Note that using the clone() method instead of the openFile() method would copy the attacker's class, which is not desirable. (Refer to rule OBJ06-J. Defensively copy mutable inputs and mutable internal components.)
Risk Assessment
Basing security checks on untrusted sources can result in the check being bypassed.
...
...