...
Basing security checks on untrusted sources can result in the check being bypassed.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
SEC02-J | High | Probable | Medium | P12 | L1 |
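The bypass described above, as an added example (not code from the original page): a check made on a caller-supplied `java.io.File` next to the hardened form that first copies it into a trusted instance. The class names, the `/srv/public/` policy and the sample paths are constructed for illustration, and POSIX path separators are assumed.

```java
import java.io.File;

public class UntrustedSourceCheck {
    // Hypothetical policy: only paths under this directory may be used.
    private static final String ALLOWED_PREFIX = "/srv/public/";

    // Constructed stand-in for caller-supplied input. java.io.File is not
    // final, so a caller can pass a subclass whose answers change per call.
    static class InconsistentFile extends File {
        private int calls = 0;
        InconsistentFile(String path) { super(path); }
        @Override public String getPath() {
            return (calls++ == 0) ? "/srv/public/readme.txt"
                                  : "/srv/private/keys.txt";
        }
    }

    // Weak: the check and the use each query the untrusted object, so the
    // value that is used may differ from the value that was checked.
    static String checkThenUse(File f) {
        if (!f.getPath().startsWith(ALLOWED_PREFIX)) {
            throw new SecurityException("path not allowed");
        }
        return f.getPath();
    }

    // Hardened: build a plain java.io.File from the input (not clone(),
    // which a subclass could override), then check and use only the copy.
    // A production check would also canonicalize the path; omitted here.
    static String copyThenCheck(File f) {
        File copy = new File(f.getPath());
        if (!copy.getPath().startsWith(ALLOWED_PREFIX)) {
            throw new SecurityException("path not allowed");
        }
        return copy.getPath();
    }

    public static void main(String[] args) {
        System.out.println("check then use:  "
                + checkThenUse(new InconsistentFile("ignored")));
        System.out.println("copy then check: "
                + copyThenCheck(new InconsistentFile("ignored")));
    }
}
```

The first call returns a path that the policy never approved; the second returns the same path that was checked.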
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Coverity | 7.5 | UNSAFE_REFLECTION | Implemented |
Parasoft Jtest | | CERT.SEC02.TDRFL | Protect against Reflection injection |
Related Guidelines
Authentication Logic Error [XZO] | |
CWE-302, Authentication Bypass by Assumed-Immutable Data |
Android Implementation Details
The code examples using the `java.security` package are not applicable to Android, but the principle of the rule is applicable to Android apps.
Bibliography
...
...