...
This rule concerns sensitive information escaping from a doPrivileged() block. For information about untrusted information entering a doPrivileged() block, see SEC03SEC01-J. Do not allow tainted variables in doPrivileged blocks.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4c76180008125f10-cdc98226-422f491f-a542a991-69c9c2522f24548ad59b3e82"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | [method doPrivileged() | http://java.sun.com/javase/6/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction)] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d582c2f25c7eb519-7d61dd55-41854d44-b96baa0a-ad4d4934954a9cad1dde28b8"><ac:plain-text-body><![CDATA[ | [[Gong 2003 | AA. Bibliography#Gong 03]] | Sections 6.4, AccessController and 9.5 Privileged Code | ]]></ac:plain-text-body></ac:structured-macro> |
...
14. Platform Security (SEC) 14. Platform Security (SEC) SEC03SEC01-J. Do not allow tainted variables in doPrivileged blocks