SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

  • Stuff about doPrivileged and passing null as second option
  • System.setSecurityManager(null);

Issues caused because of not checking for null, leading to compromise.

Noncompliant Code Example

     AccessController.doPrivileged(new PrivilegedAction<Void>() {
                public Void run() {
                    ...
                }
            }, acc);

 

Compliant Solution

        if (acc == null) {
            throw new SecurityException("Missing AccessControlContext");
        }
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
                public Void run() {
                    ...
                }
            }, acc);

Noncompliant Code Example

System.setSecurityManager(null);
  • No labels