...

Code Block
Name: trusted/ // Package name
Sealed: true   // Sealed attribute

Exception

ENV01-J-EX0: Independent groups of privileged code and associated security-sensitive code (a "group" hereafter) may be placed in separate sealed packages and even in separate JAR files, subject to the following enabling conditions:

...

Failure to place all privileged code together in one package and seal the package can lead to mix-and-match attacks.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ENV01-J | High | Probable | Medium | P12 | L1 |

Automated Detection

Detecting code that should be considered privileged or sensitive requires programmer assistance. Given identified privileged code as a starting point, automated tools could compute the closure of all code that can be invoked from that point. Such a tool could plausibly determine whether all code in that closure exists within a single package. A further check of whether the package is sealed is feasible.

| Tool | Version | Checker | Description |
|---|---|---|---|
| CodeSonar | | JAVA.INSEC.LDAP.POISON | Potential LDAP Poisoning (Java) |
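
The sealing check that the Automated Detection paragraph calls feasible can be done directly against a JAR manifest. The following is an added example, not code from the CERT rule or from any tool listed above; the class name `SealCheck`, the method `isSealed`, and the sample manifest with its `plugins` package are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.jar.Attributes;
import java.util.jar.JarFile;
import java.util.jar.Manifest;

public class SealCheck {
    // Constructed sample manifest (manifest syntax has no comment form).
    static final String SAMPLE =
        "Manifest-Version: 1.0\nSealed: true\n\n"
        + "Name: trusted/\nSealed: true\n\n"
        + "Name: plugins/\nSealed: false\n\n";

    // A per-package Sealed attribute overrides the JAR-wide one in the main
    // section; if neither is present the package is not sealed.
    static boolean isSealed(Manifest mf, String pkg) {
        Attributes entry = mf.getAttributes(pkg.replace('.', '/') + "/");
        String v = (entry == null) ? null : entry.getValue(Attributes.Name.SEALED);
        if (v == null) {
            v = mf.getMainAttributes().getValue(Attributes.Name.SEALED);
        }
        return "true".equalsIgnoreCase(v);
    }

    // Usage: java SealCheck [app.jar package...]; no arguments runs the sample.
    public static void main(String[] args) throws IOException {
        boolean fromJar = args.length > 0 && args[0].endsWith(".jar");
        Manifest mf;
        if (fromJar) {
            try (JarFile jar = new JarFile(args[0])) {
                mf = jar.getManifest();   // null when the JAR has no manifest
            }
        } else {
            mf = new Manifest(new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)));
        }
        String[] pkgs = fromJar ? Arrays.copyOfRange(args, 1, args.length)
                                : new String[] {"trusted", "plugins", "other"};
        boolean allSealed = mf != null && pkgs.length > 0;
        for (String p : pkgs) {
            boolean sealed = mf != null && isSealed(mf, p);
            System.out.println(p + ": " + (sealed ? "sealed" : "NOT sealed"));
            allSealed &= sealed;
        }
        System.exit(allSealed ? 0 : 1);   // non-zero exit fails a build step
    }
}
```

On the sample manifest, `trusted` and `other` report as sealed (the latter through the JAR-wide attribute) and `plugins` reports as not sealed because its per-package entry overrides the main section.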

Android Implementation Details

java.security.AccessController exists on Android for compatibility purposes only, and it should not be used.

Related Guidelines

MITRE CWE: CWE-349, Acceptance of Extraneous Untrusted Data with Trusted Data

Bibliography

[EMA 2014] Extension Mechanism Architecture, "Optional Package Sealing"

[McGraw 1999] Rule 7, If you must sign your code, put it all in one archive file

[Ware 2008]

...