Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft Jtest 2021.1

...

Basing security checks on untrusted sources can result in the check being bypassed.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SEC02-J

High

Probable

Medium

P12

L1

Automated Detection

Tool
Version
Checker
Description
Coverity7.5UNSAFE_REFLECTIONImplemented
Parasoft Jtest
Include Page
java:
Parasoft_V
java:
Parasoft_V
BD
CERT.
SECURITY
SEC02.TDRFL
Implemented
Protect against Reflection injection

Related Guidelines

ISO/IEC TR 24772:2010

Authentication Logic Error [XZO]

MITRE CWE

CWE-302, Authentication Bypass by Assumed-Immutable Data
CWE-470, Use of Externally-Controlled Input to Select Classes or Code ("Unsafe Reflection")

Android Implementation Details

The code examples using the java.security package are not applicable to Android, but the principle of the rule is applicable to Android apps.

Bibliography

...


...