Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Untrusted environment variables can provide data for injection and other attacks if not properly sanitized.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

ENV02-J

Low

Likely

Low

P9

L2

Automated Detection

ToolVersionCheckerDescription
Parasoft Jtest
Include Page
java:
Parasoft_V
java:
Parasoft_V
PORT.ENVImplemented
CERT.ENV02.ENVDo not use the non-portable 'System.getenv()' method
PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V6110

Android Implementation Details

On Android, the environment variable user.name is not used and is left blank. However, environment variables exist and are used on Android, so the rule is applicable.

Bibliography

...



...