SV.LOADLIB.INJ

This error is reported when you use 'System.loadLibrary' or 'Runtime.loadLibrary', both of which are vulnerable to environment injection.

Vulnerability and risk

Both 'System.loadLibrary' and 'Runtime.loadLibrary' accept a name, not a fully qualified path, which allows a modified PATH to load a library with the same name from an untrusted source. Both run with elevated privileges, and give attackers further control of the system.

Vulnerable code example

   public void loadUntrustedLibrary() {
      //loadLibrary will load the first library found on the path with the name untrusted.dll
      System.loadLibrary("untrusted.dll");
   }

The error occurs because 'loadLibrary' will load the first library found on the path with the name untrusted.dll. Klocwork flags the error at line 3, stating that a call was made to the 'loadLibrary' method. This method should not be used in lieu of 'System.load' or 'Runtime.load'.

Fixed code example

   public void loadUntrustedLibrary() {
      System.load("C:\\path\\trusted.dll");
   }

In this example, 'System.load' takes a filename as its argument, and we can give a fully qualified path. Using a fully qualified path removes any uncertainty as to which file is loaded.
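The following added example (not part of the Klocwork documentation) extends the fixed code: it resolves the library inside one trusted directory, rejects names that escape it, and checks a SHA-256 digest before calling 'System.load'. The class name TrustedLibraryLoader, the C:\path directory (taken from the fixed example) and the caller-supplied digest are assumptions.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public final class TrustedLibraryLoader {
    // Assumption: this directory is writable only by administrators.
    private static final Path TRUSTED_DIR = Paths.get("C:\\path");

    private TrustedLibraryLoader() {}

    /** Resolves fileName inside trustedDir; rejects traversal, absolute names and symlink escapes. */
    static Path resolveTrusted(Path trustedDir, String fileName) throws IOException {
        Path base = trustedDir.toRealPath();
        Path candidate = base.resolve(fileName).normalize();
        if (!candidate.startsWith(base)) {
            throw new SecurityException("library path escapes trusted directory");
        }
        Path real = candidate.toRealPath(); // follows symlinks; throws if the file is missing
        if (!real.startsWith(base) || !Files.isRegularFile(real)) {
            throw new SecurityException("library is not a regular file in trusted directory");
        }
        return real;
    }

    /** Returns the lowercase hex SHA-256 digest of the file. */
    static String sha256Hex(Path file) throws IOException, NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(Files.readAllBytes(file));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    /** Loads the library by absolute path only after the location and digest checks pass. */
    public static void load(String fileName, String expectedSha256)
            throws IOException, NoSuchAlgorithmException {
        Path lib = resolveTrusted(TRUSTED_DIR, fileName);
        if (!sha256Hex(lib).equalsIgnoreCase(expectedSha256)) {
            throw new SecurityException("digest mismatch for " + lib);
        }
        // The file could be swapped between the digest check and the load if the
        // directory is writable by untrusted users, hence the assumption above.
        System.load(lib.toString());
    }
}
```

A caller would invoke TrustedLibraryLoader.load("trusted.dll", expectedDigest), where expectedDigest is the hex digest recorded when the library was built or installed.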

External guidance

Security training

Application security training materials provided by Secure Code Warrior.

Extension

This checker can be extended through the Klocwork knowledge base. With a knowledge base update, you can add additional untrusted calls. See Tuning Java analysis for more information.