SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 106

changes.mady.by.user Michal Rozenau

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM cost reform

...

Failure to define wrappers around native methods can allow unprivileged callers to invoke them and exploit inherent vulnerabilities such as buffer overflows in native libraries.

Rule

Severity

Likelihood

Detectable

RepairableRemediation Cost

Priority

Level

JNI00-J

Medium

Probable

No

HighNo

P4

L3

Automated Detection

Automated detection is not feasible in the fully general case. However, an approach similar to Design Fragments [Fairbanks 2007] could assist both programmers and static analysis tools.

SECURITYIBA
ToolVersionCheckerDescription
Klocwork

Include Page
Klocwork_V
Klocwork_V

JAVA.NATIVE.PUBLIC
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CERT.JNI00.NATIWUse wrapper methods to secure native methods

Related Guidelines

MITRE CWE

CWE-111, Direct Use of Unsafe JNI

Secure Coding Guidelines for Java SE, Version 5.0

Guideline 5-3 / INPUT-3: Define wrappers around native methods

...