Audit - Rules - Finalization
Description
This group contains audit rules that check for problems with the use of the finalization mechanism (the finalize method).
Rules:
Summary
Finalize methods declared within an Applet should not be public
Description
This audit rule flags any declaration of the Object.finalize method that is public and within an Applet. If the finalize method is declared properly, it should not need to be public.
Security Implications
Malicious users can perform attacks on Applets by calling public finalize methods.
Example
The following declaration of finalize would be flagged:
class A extends java.applet.Applet {
    // Flagged: finalize is declared public inside an Applet
    public void finalize() {}
}
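The flagged declaration next to a declaration the rule accepts, with a reflection check for the same condition. This is an added example, not code from the original page or from the audit tool. The names FinalizeVisibilityCheck, FlaggedApplet, CompliantApplet and declaresPublicFinalize are hypothetical, and a JDK that still includes the java.applet package is assumed.

```java
import java.applet.Applet;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;

public class FinalizeVisibilityCheck {

    // Flagged form, as in the example above: finalize() is public,
    // so any code holding a reference to the applet can call it.
    static class FlaggedApplet extends Applet {
        @Override
        public void finalize() {}
    }

    // Accepted form: keeps the protected access that Object.finalize()
    // declares and chains to super.finalize() so superclass cleanup runs.
    static class CompliantApplet extends Applet {
        @Override
        protected void finalize() throws Throwable {
            try {
                // release resources held by this applet here
            } finally {
                super.finalize();
            }
        }
    }

    // The condition the rule describes: the class is an Applet and
    // itself declares a public, no-argument finalize().
    static boolean declaresPublicFinalize(Class<?> type) {
        if (!Applet.class.isAssignableFrom(type)) {
            return false;
        }
        try {
            Method m = type.getDeclaredMethod("finalize");
            return Modifier.isPublic(m.getModifiers());
        } catch (NoSuchMethodException e) {
            return false; // finalize() is inherited, not declared here
        }
    }

    public static void main(String[] args) {
        Class<?>[] samples = {FlaggedApplet.class, CompliantApplet.class};
        for (Class<?> c : samples) {
            System.out.println(c.getSimpleName() + " flagged: " + declaresPublicFinalize(c));
        }
    }
}
```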