Audit - Rules - API Usage
Description
This group contains audit rules that look for API usage opportunities to make the code more secure, either by using a different API or by not using part of an API altogether.
Rules:
Summary
Classes should not extend java.security.Policy.
Description
This audit rule looks for classes that subclass the class java.security.Policy.
Security Implications
Allowing an implementation of java.security.Policy could lead to a security (and/or permission) breach.
Example
The following class would be flagged as a violation because it extends java.security.Policy:
    import java.security.Policy;

    class MyClass extends Policy
    {
        ...
    }
Summary
Deprecated API is error-prone and is a potential security threat and thus should not be used.
Description
Old API is sometimes marked deprecated because its implementation is designed in a way that can be error-prone. Deprecated API should be avoided where possible.
Security Implications
Blocks of code that use deprecated API are designed in a careless manner and thus are a potential security threat.
Example
The following code would be flagged as a violation because it uses a deprecated method:
    public void resumeChild() {
        // Thread.resume() is a deprecated method
        getChildThread().resume();
    }
Summary
Always use absolute paths when loading libraries.
Description
This audit rule looks for places where libraries are loaded using a relative file path.
Security Implications
Loading libraries without specifying an absolute path can cause the program to load malicious libraries supplied by an attacker.
Example
The following code uses System.loadLibrary() to load code from a native library named library.dll, which is normally found in a standard system directory.
    System.loadLibrary("library.dll");
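For contrast with the flagged call, the following is an added example, not part of the original rule documentation, that places the searched load beside a load by verified absolute path. NativeLoader, LIB_DIR, the directory /opt/example-app/lib and the library name "example" are hypothetical and assumed to exist on the target system.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public final class NativeLoader {
    // Hypothetical install directory, assumed for this example only.
    private static final Path LIB_DIR = Paths.get("/opt/example-app/lib");

    private NativeLoader() { }

    // Turns a bare library name into a verified absolute path under LIB_DIR.
    static Path resolve(String baseName) throws IOException {
        // Only plain names: no separators, dots or "..", so the name
        // cannot steer the lookup outside LIB_DIR.
        if (!baseName.matches("[A-Za-z0-9_]+")) {
            throw new IllegalArgumentException("bad library name: " + baseName);
        }
        // Platform file name, e.g. "example" -> libexample.so or example.dll.
        String fileName = System.mapLibraryName(baseName);
        Path trustedDir = LIB_DIR.toRealPath();
        // toRealPath() resolves symlinks and fails if the file is missing.
        Path lib = trustedDir.resolve(fileName).toRealPath();
        if (!lib.startsWith(trustedDir) || !Files.isRegularFile(lib)) {
            throw new SecurityException("library outside trusted dir: " + lib);
        }
        return lib;
    }

    // Flagged form: the JVM searches java.library.path for the name.
    static void loadBySearch(String baseName) {
        System.loadLibrary(baseName);
    }

    // Preferred form: System.load() takes an absolute path, no search.
    static void loadByAbsolutePath(String baseName) throws IOException {
        System.load(resolve(baseName).toString());
    }

    public static void main(String[] args) throws IOException {
        loadByAbsolutePath("example"); // "example" is a placeholder name
    }
}
```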
Summary
Prevents the use or overuse of privileged code.
Description
This audit rule flags instances of java.security.PrivilegedAction and java.security.PrivilegedExceptionAction which have more than a specified number (default 0) of statements within run().
Note: When set to the default value of 0, no privileged code is allowed, because the run() method (see PrivilegedAction or PrivilegedExceptionAction) returns an Object and therefore takes at minimum one statement: "return null;".
Security Implications
Privileged code gives code access to system variables that the Java API would normally not allow access to. For security purposes, privileged code should be used sparingly.
Example
The following source would be flagged since there are statements in a run() method declared for a PrivilegedAction.
    AccessController.doPrivileged(new PrivilegedAction() {
        public Object run() {
            System.loadLibrary("awt");
            return null;
        }
    });