...
Untrusted environment variables can provide data for injection and other attacks if not properly sanitized.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ENV02-J | Low | Likely | Low | P9 | L2 |
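
One way to sanitize an environment variable before it reaches a log message, shown as an added example that is not code from the original rule. The class name `EnvValidation`, the helpers `validated` and `auditLine`, the login-name pattern and the sample maps are all assumptions made for illustration.

```java
import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern;

public final class EnvValidation {
    // Assumed policy (not from the rule text): a login name is a letter or '_'
    // followed by up to 31 lowercase letters, digits, '_' or '-'.
    static final Pattern LOGIN_NAME = Pattern.compile("[a-z_][a-z0-9_-]{0,31}");

    // Return the variable's value only when the whole string matches the
    // allowlist; a missing or non-conforming value yields Optional.empty().
    static Optional<String> validated(Map<String, String> env, String name, Pattern allowed) {
        String value = env.get(name);
        if (value == null || !allowed.matcher(value).matches()) {
            return Optional.empty();
        }
        return Optional.of(value);
    }

    // Build a log line from a validated value, refusing to proceed otherwise.
    static String auditLine(Map<String, String> env) {
        String user = validated(env, "USER", LOGIN_NAME)
                .orElseThrow(() -> new IllegalStateException("USER is missing or malformed"));
        return "session opened for " + user;
    }

    public static void main(String[] args) {
        // Constructed sample environments; real code would pass System.getenv().
        Map<String, String> benign = Map.of("USER", "alice");
        Map<String, String> tampered = Map.of("USER", "alice\nsession opened for root");

        System.out.println(auditLine(benign));
        try {
            auditLine(tampered);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // The live process environment goes through the same check.
        System.out.println(validated(System.getenv(), "USER", LOGIN_NAME).isPresent());
    }
}
```

The tampered value carries a newline that would otherwise forge a second log entry; because `matches()` requires the entire string to fit the pattern, it is rejected before any string is built from it.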
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Parasoft Jtest | | CERT.ENV02.ENV | Do not use the non-portable 'System.getenv()' method |
PVS-Studio | | V6110 | |
Android Implementation Details
On Android, the environment variable user.name is not used and is left blank. However, environment variables exist and are used on Android, so the rule is applicable.
Bibliography
...
...