Compliant Solution
This compliant solution hard codes the name of the library to prevent the possibility of
tainted values. It also reduces the accessibility of the load() method from public to
private. Consequently, untrusted callers are prohibited from loading the awt library.
import java.security.AccessController;
import java.security.PrivilegedAction;

// Private, so only this class can trigger the privileged load; the library
// name is a compile-time constant, so no caller-supplied value reaches it.
private void load() {
    AccessController.doPrivileged(new PrivilegedAction<Void>() {
        public Void run() {
            System.loadLibrary("awt");
            return null;
        }
    });
}
Noncompliant Code Example
This noncompliant code example returns an instance of java.sql.Connection from trusted
code to untrusted code.
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

// The url argument is caller-controlled (tainted) and decides which driver
// class DriverManager loads.
public Connection getConnection(String url, String username,
                                String password) throws SQLException {
    // ...
    return DriverManager.getConnection(url, username, password);
}
Untrusted code that lacks the permissions required to create a SQL connection can
bypass these restrictions by using the acquired instance directly. The getConnection()
method is unsafe because it uses the url argument to indicate a class to be loaded; this
class serves as the database driver.
Compliant Solution
This compliant solution prevents malicious users from supplying their own URL to the
database connection, thereby limiting their ability to load untrusted drivers.
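The following is an added example, not the book's own compliant solution (which is not reproduced on this page), showing both fixes discussed above in one class: the library name and the JDBC URL are compile-time constants, the loader is private, and the connection method no longer takes a URL from its caller. The URL value is a placeholder, and wrapping getConnection() in a privileged block with PrivilegedExceptionAction is an assumption made here so that the checked SQLException can be propagated intact.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

public final class TrustedResources {

    // Compile-time constants: no caller-controlled (tainted) value can reach
    // the privileged calls below. The JDBC URL is a placeholder, not a real host.
    private static final String LIBRARY_NAME = "awt";
    private static final String JDBC_URL = "jdbc:placeholder://db.example.invalid/app";

    // Private: only this class can trigger the privileged library load.
    private void load() {
        AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
            System.loadLibrary(LIBRARY_NAME);
            return null;
        });
    }

    // Package-private, and the URL is fixed, so the caller cannot choose which
    // driver DriverManager loads. Credentials are still supplied by the caller.
    // Assumption: the privileged block is used because this trusted code holds
    // the connect permission that its callers lack. The SQLException raised
    // inside the block is unwrapped rather than leaking a
    // PrivilegedActionException to the caller.
    Connection getConnection(final String username, final String password)
            throws SQLException {
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<Connection>) () ->
                    DriverManager.getConnection(JDBC_URL, username, password));
        } catch (PrivilegedActionException e) {
            Throwable cause = e.getCause();
            if (cause instanceof SQLException) {
                throw (SQLException) cause;
            }
            throw new SQLException("Unexpected failure opening connection", cause);
        }
    }
}
```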