Audit - Rules - Finalization

Description
This group contains audit rules that check for problems with the use of the finalization mechanism (the finalize method).

Rules:

Details

Finalize Should Not Be Public

Summary
Finalize methods declared within an Applet should not be public

Description
This audit rule flags any declaration of the Object.finalize method that is public and within an Applet. If the finalize method is declared properly, it should not need to be public.

Security Implications
Malicious users can perform attacks on Applets by calling public finalize methods.

Example
The following declaration of finalize would be flagged:

    class A extends java.applet.Applet {
        public void finalize() {}
    }