ABSTRACT

Privileged code in public methods can be called from anywhere in the JVM.

EXPLANATION

Secure coding principles advocate making access specifiers as restrictive as possible. A method with a public access specifier means that any external code is allowed to call it. Public methods that perform privileged actions can be dangerous when code is shared in libraries or in environments where code can dynamically enter the system (e.g. Code Injection, Dangerous File Inclusion, File Upload, etc.).

Example 1: In the following code, doPrivilegedOpenFile() is declared public and performs a privileged operation.

import java.io.FileInputStream;
import java.security.AccessController;

// Public entry point: any code in the JVM can call it and choose filePath.
public static void doPrivilegedOpenFile(final String filePath) {
    // The caller-supplied path flows straight into the privileged action.
    final BadFileNamePrivilegedAction pa = new BadFileNamePrivilegedAction(filePath);

    FileInputStream fis = null;
    ...
    // Runs with this class's own permissions, regardless of who called it.
    fis = (FileInputStream)AccessController.doPrivileged(pa);
    ...
}
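A hardened counterpart to Example 1, added here as an illustration and not taken from the page or from any product's code: the privileged step is made private so only its own class can reach it, and the public surface accepts only a bare configuration file name that is validated and confined to a directory the library owns before it reaches the privileged block. The class ConfigReader, the methods openConfig and doPrivilegedOpen, and the directory CONFIG_DIR are assumptions made for this example.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Hypothetical helper (not from the page): opens configuration files from a
// directory the library owns, without letting callers pick an arbitrary path.
public final class ConfigReader {
    // Assumption: the library's own config directory (constructed for this example).
    private static final File CONFIG_DIR = new File("/opt/example-app/conf");

    private ConfigReader() {}

    // Public surface: takes a bare file name, never a caller-supplied path, so
    // code elsewhere in the JVM cannot steer the privileged block to other files.
    public static FileInputStream openConfig(String name) throws IOException {
        if (name == null || !name.matches("[A-Za-z0-9_.-]+") || name.startsWith(".")) {
            throw new IllegalArgumentException("invalid config name");
        }
        // Canonicalize and confirm the result still lies inside CONFIG_DIR.
        File target = new File(CONFIG_DIR, name).getCanonicalFile();
        String base = CONFIG_DIR.getCanonicalPath() + File.separator;
        if (!target.getPath().startsWith(base)) {
            throw new IllegalArgumentException("config name escapes config directory");
        }
        return doPrivilegedOpen(target);
    }

    // The privileged step is private: only this class can reach it, and it only
    // ever receives a path that openConfig has already validated.
    @SuppressWarnings("removal") // AccessController is deprecated since Java 17 but still present
    private static FileInputStream doPrivilegedOpen(final File target) throws IOException {
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<FileInputStream>) () -> new FileInputStream(target));
        } catch (PrivilegedActionException e) {
            Throwable cause = e.getCause();
            if (cause instanceof IOException) {
                throw (IOException) cause;
            }
            throw new IOException(cause);
        }
    }
}
```

The access specifier is the first line of defence, but it is not the only one: a doPrivileged block runs with this class's permissions rather than the caller's, so whatever data reaches it must be constrained by the class itself. Validating the name and confining the canonical path to CONFIG_DIR before the privileged call keeps that invariant even if a future refactor widens the method's visibility.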

REFERENCES

[1] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 265

[2] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 - (PCI 1.2) Requirement 6.5.7, Requirement 7.2

[3] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 - (PCI 2.0) Requirement 6.5.8

[4] Secure Coding Guidelines for the Java Programming Language, version 2.0, Sun Microsystems, Inc.

[5] M. S. Ware, Writing secure Java code: taxonomy of heuristics and an evaluation of static analysis tools