Page History

...

Allowing tainted inputs in privileged operations can result in privilege escalation attacks.

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
SEC01-J	High	Likely	Low	P27	L1

Automated Detection

Tools that support taint analysis enable assurance of code usage that is substantially similar to the first compliant solution. Typical taint analyses assume that one or more methods exist that can sanitize potentially tainted inputs, providing untainted outputs (or appropriate errors). The taint analysis then ensures that only untainted data is used inside the doPrivileged block. Note that the static analyses must necessarily assume that the sanitization methods are always successful, but in reality, this may not be the case.

Tool

Version

Checker

Description

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

JAVA.IO.PERM.ACCESS
JAVA.IO.PERM

Accessing File in Permissive Mode (Java)
Permissive File Mode (Java)

Parasoft Jtest

Include Page

	Parasoft_V
	Parasoft_V

CERT.SEC01.PRIVIL

Avoid operating on tainted data in privileged blocks

Related Guidelines

MITRE CWE	CWE-266, Incorrect Privilege Assignment CWE-272, Least Privilege Violation CWE-732, Incorrect Permission Assignment for Critical Resource
Secure Coding Guidelines for Java SE, Version 5.0	Guideline 9-3 / ACCESS-3: Safely invoke `java.security.AccessController.doPrivileged`

Android Implementation Details

The code examples using the java.security package are not applicable to Android, but the principle of the rule is applicable to Android apps.

Bibliography

[API 2014]	Method `doPrivileged()`
[Gong 2003]	Section 6.4, "`AccessController`" Section 9.5, "Privileged Code"
[Jovanovic 2006]	Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities

...

Space shortcuts

Page tree

Versions Compared

Old Version 88

New Version Current

Key

Automated Detection

Related Guidelines

Android Implementation Details

Bibliography