...
This noncompliant code example shows an a changePassword() method that attempts to open a password file using a doPrivileged block. The doPrivileged block also contains logic that operates on the file and a superfluous System.loadLibrary() call.
...
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
SEC00-J | high | probable | high | P6 | L2 |
Automated Detection
TODOAutomated checking is clearly not possible in the general case. We might be able to do something with escape analysis to check that we are not leaking privileged data provided that privileged data is marked by the user, and even that would be difficult.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
...