SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

  • Created by Unknown User (lflynn), last modified on May 05, 2014

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

 (THIS CODING RULE OR GUIDELINE IS UNDER CONSTRUCTION)

Noncompliant Code Example

 

 

Compliant Solution

 

 

Exceptions

 

Risk Assessment

Failure to define wrappers around native methods can allow unprivileged callers to invoke them and exploit inherent vulnerabilities such as buffer overflows in native libraries.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

JNI01-J

 

 

 

 

 

Automated Detection

 

Related Guidelines

MITRE CWE

CWE-111. Direct use of unsafe JNI

Secure Coding Guidelines for the Java Programming Language, Version 4.0

Guideline 9-9. Safely invoke standard APIs that perform tasks using the immediate caller's class loader instance

Bibliography

[JNI 2006]

 

[Liang 1997]

 

 

  • No labels