Usage of dangerous permissions

Overview

Rule ID: java_lang_dangerous_permissions
Applicable Languages: Java
Weakness ID: CWE-269

Description

Granting certain dangerous permissions compromises application security. For example, allowing the RuntimePermission of createClassLoader can enable unauthorized class loaders to load arbitrary classes. Similarly, permitting the ReflectPermission of suppressAccessChecks bypasses Java language access controls, potentially allowing unrestricted access to protected and private class members.

Remediation Guidelines

Do not grant RuntimePermission("createClassLoader"), as this permission allows the instantiation of unauthorized class loaders, posing a security risk by potentially loading arbitrary classes.
Similarly, avoid granting ReflectPermission("suppressAccessChecks"), which bypasses Java's access controls and can lead to unrestricted access to protected and private class members.
Do Review and restrict permissions to only those necessary for the application's functionality. Limiting permissions minimizes potential security vulnerabilities.

References

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousUsage of custom Digest class NextUsage of ECB Cipher Mode

Last updated 3 months ago