Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tools that support taint analysis enable assurance of code usage that is substantially similar to the first compliant solution. Typical taint analyses assume that one or more methods exist that can sanitize potentially tainted inputs, providing untainted outputs (or appropriate errors). The taint analysis then ensures that only untainted data is used inside the doPrivileged block. Note that the static analyses must necessarily assume that the sanitization methods are always successful, but in reality, this may not be the case.

ToolVersionCheckerDescription
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

JAVA.IO.PERM.ACCESS
JAVA.IO.PERM

Accessing File in Permissive Mode (Java)
Permissive File Mode (Java)

Parasoft Jtest

Include Page
Parasoft_V
Parasoft_V

BD
CERT.
SECURITY
SEC01.PRIVILAvoid operating on tainted data in privileged blocks

Related Guidelines

MITRE CWE

CWE-266, Incorrect Privilege Assignment
CWE-272, Least Privilege Violation
CWE-732, Incorrect Permission Assignment for Critical Resource

Secure Coding Guidelines for Java SE, Version 5.0

Guideline 9-3 / ACCESS-3: Safely invoke java.security.AccessController.doPrivileged

...