SV.TAINT_NATIVE
This error occurs when unchecked user input is passed to native method calls.
Vulnerability and risk
Native code is usually C/C++ code. This language carries inherent security risks. If a user input enters native code, it can create much more dangerous problems than any error in Java code, such as buffer overflows and denial-of-service (DoS) by a JVM crash.
Klocwork security vulnerability (SV) checkers identify calls that create potentially dangerous data; these calls are considered unsafe sources. An unsafe source can be any data provided by the user, since the user could be an attacker or has the potential for introducing human error.
Mitigation and prevention
Sanitize all user data before passing it to native methods. At the very least, check user data for size and for dangerous symbols such as '\0'. In addition, normalizing the strings before checking them for dangerous symbols is highly recommended.
Example 1
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
String name = req.getParameter("userName");
processNatively(name);
}
private native void processNatively(String name);SV.TAINT_NATIVE is reported for line 16: tainted data from 'name' goes to a native code call which can have BufferOverflows and other critical errors.
External guidance
- CERT IDS01-J: Normalize strings before validating them
- CWE-20: Improper Input Validation
- OWASP A1:2017 Injection
- OWASP A3:2021 Injection
- STIG-ID:APP3590.1 Application is vulnerable to buffer overflows
- STIG-ID:APP3590.2 Application is vulnerable to buffer overflows
- STIG-ID:APP3760 Web Service Availability
- STIG-ID:APP3780 Web Service Availability
Extension
This checker can be extended through the Klocwork knowledge base. See Tuning Java analysis for more information.
