Comment: Automated update-Scrapy V0.1 changing RA Table

...

A security manager is an object that defines a security policy for Java code. This policy specifies actions that are unsafe or sensitive. Any actions not allowed by the security policy cause a SecurityException to be thrown. Code can also query its security manager to discover which actions are allowed. The security manager can also be used to control the functions the trusted Java API can perform. (See guideline ENV02-J. Create a secure sandbox using a Security Manager.)

When untrusted code should be disallowed from accessing system classes, it should be granted specific permissions to prevent it from accessing trusted classes in the specified packages. The accessClassInPackage permission provides the required functionality. (See guideline SEC12-J. Do not grant untrusted code access to classes in inaccessible packages.) Doing so does not limit what system classes can do; however, it restricts the range of system packages that can be used from less-privileged code.
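The following is an added example, not code from the standard itself, showing how a grant of accessClassInPackage for one package decides which packages less-privileged code can reach and how a denial surfaces as a SecurityException. The package names com.example.plugin.api and com.example.internal and the class name PackageAccessDemo are hypothetical, and the code assumes JDK 17 or earlier, where the access-control API is still functional.

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.CodeSource;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

public class PackageAccessDemo {

    // Builds the access-control context of code that holds only `granted`.
    // The two-argument ProtectionDomain constructor uses static permissions,
    // so the installed Policy is not consulted.
    static AccessControlContext contextFor(Permissions granted) {
        CodeSource source = new CodeSource(null, (Certificate[]) null);
        ProtectionDomain domain = new ProtectionDomain(source, granted);
        return new AccessControlContext(new ProtectionDomain[] { domain });
    }

    // Performs the permission test that SecurityManager.checkPackageAccess
    // applies to a package listed in the package.access security property.
    static boolean mayAccess(AccessControlContext acc, String pkg) {
        try {
            acc.checkPermission(
                new RuntimePermission("accessClassInPackage." + pkg));
            return true;
        } catch (AccessControlException e) {
            // AccessControlException is a subclass of SecurityException.
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed policy: the plugin may reach its API package only.
        Permissions pluginPerms = new Permissions();
        pluginPerms.add(new RuntimePermission(
            "accessClassInPackage.com.example.plugin.api"));
        AccessControlContext plugin = contextFor(pluginPerms);

        // Hypothetical packages: one granted, one withheld.
        for (String pkg : new String[] {
                "com.example.plugin.api", "com.example.internal" }) {
            System.out.println(pkg + " accessible: " + mayAccess(plugin, pkg));
        }
    }
}
```

The permission name is matched exactly here; a grant for one package does not extend to its subpackages unless the policy names them as well.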

Risk Assessment Summary

Guideline Recommendation   Severity   Likelihood   Remediation Cost   Priority   Level
SEC00-J                    high       probable     high               P6         L2
SEC01-J                    medium     likely       medium             P12        L1
SEC02-J                    medium     likely       high               P6         L2
SEC03-J                    high       likely       low                P27        L1
SEC04-J                    high       probable     medium             P12        L1
SEC05-J                    high       probable     medium             P12        L1
SEC06-J                    high       probable     medium             P12        L1
SEC07-J                    medium     probable     low                P12        L1
SEC08-J                    high       probable     medium             P12        L1
SEC09-J                    high       probable     medium             P12        L1
SEC10-J                    medium     probable     high               P4         L3
SEC11-J                    high       probable     low                P18        L1
SEC12-J                    high       likely       high               P9         L2
SEC13-J                    high       likely       high               P9         L2
SEC14-J                    medium     probable     high               P4         L3
SEC15-J                    medium     likely       high               P6         L2
SEC16-J                    medium     probable     high               P4         L3
SEC17-J                    medium     likely       low                P18        L1
SEC18-J                    medium     probable     high               P4         L3
SEC19-J                    high       probable     medium             P12        L1
SEC21-J                    high       probable     high               P6         L2

...
