SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 159

changes.mady.by.user Alexandre GIGLEUX

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM cost reform

...

Misuse of APIs that perform language access checks only against the immediate caller can break data encapsulation, leak sensitive information, or permit privilege escalation attacks.

Rule

Severity

Likelihood

Detectable

RepairableRemediation Cost

Priority

Level

SEC05-J

High

Probable

Yes

MediumNo

P12

L1

Automated Detection

ToolVersionCheckerDescription
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

JAVA.CLASS.ACCESS.BYPASS
JAVA.CLASS.ACCESS.MODIFY

Reflection bypasses member accessibility (Java)
Reflection modifies member accessibility (Java)

Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CODSTACERT.BPSEC05.ARMImplementedAvoid using reflection methods
SonarQube
Include Page
SonarQube_V
SonarQube_V

S3011

Changing or bypassing accessibility is security-sensitive
SpotBugs

Include Page
SpotBugs_V
SpotBugs_V

REFL_REFLECTION_INCREASES_ACCESSIBILITY_OF_CLASSImplemented (since 4.5.0)

Related Guidelines

Secure Coding Guidelines for Java SE, Version 5.0

Guideline 9-10 / ACCESS-10: Be aware of standard APIs that perform Java language access checks against the immediate caller

...