...
This noncompliant code example shows an example where it is assumed that an object reference is constant with erroneous results.
| Code Block | ||
|---|---|---|
| ||
|
Compliant Solution
In this compliant solution, in native code, object references are tested for object equality using the IsSameObject() function, and the object references tested are global references.
| Code Block | ||
|---|---|---|
| ||
| ||
Risk Assessment
If it is assumed that an object reference is constant or unique then erroneous results may be obtained that could lead to the app crashing. This, in turn, could be used to mount a denial-of-service attack.
Rule | Severity | Likelihood |
|---|
Detectable | Repairable | Priority | Level |
|---|---|---|---|
JNI02-J | Low | Probable |
No | No | P2 | L3 |
Automated Detection
Although it may be possible to automatically detect the use of == or != for comparing object references in native code, in general automatic detection of the wider issue is not feasible. [Is it?]
Bibliography
...
