...
Misuse of APIs that perform language access checks only against the immediate caller can break data encapsulation, leak sensitive information, or permit privilege escalation attacks.
| Rule | Severity | Likelihood | Detectable | Repairable | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|---|---|
| SEC05-J | High | Probable | Yes | No | Medium | P12 | L1 |
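The immediate-caller behavior behind the risk statement above, as an added example that is not part of the original rule text: a public helper performs the reflective read itself, so the access check is made against the helper's class rather than against whoever called it. The class, field and method names (`Account`, `pin`, `readFieldUnsafe`, `readField`) and the values are hypothetical and constructed for illustration; the code assumes Java 9 or later.

```java
import java.lang.reflect.Field;
import java.util.Set;

// Constructed example: every class, field and method name here is hypothetical.
class Account {
    private final String pin = "4921";          // sensitive, constructed value
    private final long balanceCents = 150_00;

    // Fields this class is willing to expose by name.
    private static final Set<String> READABLE = Set.of("balanceCents");

    // Weak: Field.get() checks access against its immediate caller, which is
    // Account itself, so any caller can read any private field by name.
    public Object readFieldUnsafe(String name) throws ReflectiveOperationException {
        Field f = Account.class.getDeclaredField(name);
        return f.get(this);
    }

    // Hardened: the caller-supplied name is checked against an allowlist
    // before any reflective access is performed on the caller's behalf.
    public Object readField(String name) throws ReflectiveOperationException {
        if (!READABLE.contains(name)) {
            throw new IllegalAccessException("field not exposed: " + name);
        }
        return Account.class.getDeclaredField(name).get(this);
    }
}

public class ImmediateCallerDemo {
    public static void main(String[] args) throws Exception {
        Account acct = new Account();

        // Direct reflective read from another class: the language access
        // check is made against ImmediateCallerDemo and is refused.
        try {
            Account.class.getDeclaredField("pin").get(acct);
        } catch (IllegalAccessException e) {
            System.out.println("direct read denied: " + e.getMessage());
        }

        // Same read routed through the weak helper: the check is made
        // against Account, so the private value is returned.
        System.out.println("via weak helper: " + acct.readFieldUnsafe("pin"));

        // Hardened helper refuses names outside its allowlist.
        try {
            acct.readField("pin");
        } catch (IllegalAccessException e) {
            System.out.println("hardened helper: " + e.getMessage());
        }
        System.out.println("allowed field: " + acct.readField("balanceCents"));
    }
}
```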
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| CodeSonar | | JAVA.CLASS.ACCESS.BYPASS | Reflection Bypasses Member Accessibility (Java) |
| Parasoft Jtest | | CERT.SEC05.ARM | Avoid using reflection methods |
| SonarQube | | | Changing or bypassing accessibility is security-sensitive |
| SpotBugs | | REFL_REFLECTION_INCREASES_ACCESSIBILITY_OF_CLASS | Implemented (since 4.5.0) |
...