Java Reference
In-Depth Information
Compliant Solution
This compliant solution hard codes the name of the library to prevent the possibility of tainted values. It also reduces the accessibility of the load() method from public to private. Consequently, untrusted callers are prohibited from loading the awt library.
import java.security.AccessController;
import java.security.PrivilegedAction;

// The library name is a compile-time constant, so no caller-supplied
// value can reach the privileged block.
private void load() {
  AccessController.doPrivileged(new PrivilegedAction<Void>() {
    public Void run() {
      System.loadLibrary("awt");
      return null;
    }
  });
}
Noncompliant Code Example
This noncompliant code example returns an instance of java.sql.Connection from trusted code to untrusted code.
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

// The caller controls url, which selects the JDBC driver class to load.
public Connection getConnection(String url, String username,
    String password) throws SQLException {
  // ...
  return DriverManager.getConnection(url, username, password);
}
Untrusted code that lacks the permissions required to create a SQL connection can bypass these restrictions by using the acquired instance directly. The getConnection() method is unsafe because it uses the url argument to indicate a class to be loaded; this class serves as the database driver.
Compliant Solution
This compliant solution prevents malicious users from supplying their own URL to the
database connection, thereby limiting their ability to load untrusted drivers.
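One way to apply the same fix to the SQL case, written here as an added example rather than the standard's own compliant solution: the JDBC URL is a hard-coded constant, the method is no longer public, and the connection is obtained inside a privileged block in the style of the load() example above. The class name, the placeholder URL and the use of PrivilegedExceptionAction (so that the checked SQLException can be unwrapped) are assumptions of this example.

```java
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

public final class TrustedConnectionFactory {

  // Fixed at compile time: callers cannot steer DriverManager toward a
  // driver class of their choosing. Placeholder URL; substitute the
  // trusted data source for your deployment.
  private static final String URL =
      "jdbc:postgresql://db.example.internal:5432/app";

  // Accessibility reduced from public to package-private so that only
  // trusted code in this package can obtain a connection.
  Connection getConnection(final String username, final String password)
      throws SQLException {
    try {
      return AccessController.doPrivileged(
          new PrivilegedExceptionAction<Connection>() {
            public Connection run() throws SQLException {
              // Only the hard-coded URL reaches the privileged call;
              // the credentials do not influence which driver is loaded.
              return DriverManager.getConnection(URL, username, password);
            }
          });
    } catch (PrivilegedActionException e) {
      // doPrivileged wraps checked exceptions thrown by run(); unwrap the
      // SQLException so callers see the original failure.
      Throwable cause = e.getCause();
      if (cause instanceof SQLException) {
        throw (SQLException) cause;
      }
      throw new SQLException("Unexpected failure obtaining connection", cause);
    }
  }
}
```

AccessController and the security manager are deprecated for removal since Java 17 (JEP 411), so on current JDKs the hard-coded URL and the reduced accessibility are what actually carry the protection.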