Usage of dangerous permissions
Last updated
Last updated
Rule ID: java_lang_dangerous_permissions
Applicable Languages: Java
Weakness ID: CWE-269
Granting certain dangerous permissions compromises application security. For example, allowing the RuntimePermission
of createClassLoader
can enable unauthorized class loaders to load arbitrary classes. Similarly, permitting the ReflectPermission
of suppressAccessChecks
bypasses Java language access controls, potentially allowing unrestricted access to protected and private class members.
Do not grant RuntimePermission("createClassLoader")
, as this permission allows the instantiation of unauthorized class loaders, posing a security risk by potentially loading arbitrary classes.
Similarly, avoid granting ReflectPermission("suppressAccessChecks")
, which bypasses Java's access controls and can lead to unrestricted access to protected and private class members.
Do Review and restrict permissions to only those necessary for the application's functionality. Limiting permissions minimizes potential security vulnerabilities.
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our