Audit - Rules - InheritanceDescriptionThis group contains audit rules that check for problems that are either related to the type hierarchy or can only be seen by looking that the supertypes of a type. |
Rules: |
Summary
Do not extend java.lang.ClassLoader
Description
Subclasses of java.lang.ClassLoader
are flagged. In instances where ClassLoader
needs to be subclassed, use java.security.SecureClassLoader
.
Security Implications
By subclassing SecureClassLoader
instead of ClassLoader
, additional Java security measures are taken to protect against class loading vulnerabilities.
Example
The following class would be flagged as a violation:
class A extends ClassLoader {...}