Audit - Rules - Inheritance

Description
This group contains audit rules that check for problems that are either related to the type hierarchy or can only be seen by looking at the supertypes of a type.

Rules:

Details

Do Not Subclass ClassLoader

Summary
Do not extend java.lang.ClassLoader

Description
Subclasses of java.lang.ClassLoader are flagged. Where ClassLoader needs to be subclassed, extend java.security.SecureClassLoader instead.

Security Implications
By subclassing SecureClassLoader instead of ClassLoader, additional Java security measures are taken to protect against class loading vulnerabilities.

Example
The following class would be flagged as a violation:

    class A extends ClassLoader {...}
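
A compliant counterpart to the flagged class, added here as an example and not part of the original rule documentation: the loader extends SecureClassLoader and passes a CodeSource to defineClass, so the class's protection domain is built from that code source. The class name DirectoryClassLoader, the directory layout and the class name missing.Example are assumptions.

```java
import java.io.IOException;
import java.net.MalformedURLException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.CodeSource;
import java.security.SecureClassLoader;
import java.security.cert.Certificate;

// Hypothetical loader (name and layout are assumptions): loads .class files
// from a single directory and defines them with an explicit CodeSource.
public class DirectoryClassLoader extends SecureClassLoader {
    private final Path root;
    private final CodeSource codeSource;

    public DirectoryClassLoader(Path root, ClassLoader parent) throws MalformedURLException {
        super(parent);
        this.root = root.toAbsolutePath().normalize();
        // Unsigned code: no certificates are associated with this location.
        this.codeSource = new CodeSource(this.root.toUri().toURL(), (Certificate[]) null);
    }

    @Override
    protected Class<?> findClass(String name) throws ClassNotFoundException {
        Path file = root.resolve(name.replace('.', '/') + ".class").normalize();
        // Reject names that would resolve outside the configured directory.
        if (!file.startsWith(root)) {
            throw new ClassNotFoundException(name);
        }
        try {
            byte[] bytes = Files.readAllBytes(file);
            // The CodeSource overload calls getPermissions(CodeSource) when it
            // constructs the ProtectionDomain for the class being defined.
            return defineClass(name, bytes, 0, bytes.length, codeSource);
        } catch (IOException e) {
            throw new ClassNotFoundException(name, e);
        }
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("classes"); // constructed, empty sample directory
        ClassLoader loader = new DirectoryClassLoader(dir, DirectoryClassLoader.class.getClassLoader());
        // Parent-first delegation still applies: core classes never reach findClass.
        System.out.println(loader.loadClass("java.lang.String").getClassLoader());
        try {
            loader.loadClass("missing.Example");
        } catch (ClassNotFoundException e) {
            System.out.println("not found: " + e.getMessage());
        }
    }
}
```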