...
Comparing classes solely using their names can allow a malicious class to bypass security checks and gain access to protected resources.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|
OBJ09-J | High | Unlikely | Low | P9 | L2 |
Automated Detection
Tool | Version | Checker | Description |
---|
The Checker Framework | Include Page |
---|
| The Checker Framework_V |
---|
| The Checker Framework_V |
---|
|
| Signature String Checker | Ensure that the string representation of a type is properly used for example in Class.forName (see Chapter 13) |
CodeSonarCodeSonarCodeSonarFBCORRECTNESS.EQ_COMPARING_CLASS_NAMES
equals method compares class names rather than class objects | Parasoft Jtest | 9.5 | SECURITY.EAB.CMP | Implemented |
SonarQube Java Plugin Java Plugin Java PluginImplementedRelated Guidelines
Bibliography
...
...