Create context-sensitive help for your checker

  1. Open JNDI.PRINT\help.xml in the editor of your choice.
  2. Mandatory: Add the following issue help description: 
    Sensitive JNDI information leak
  3. Optional: You may fill in the rest of the file with the information below, if desired.
  4. Save the file.

JNDI.PRINT help.xml 

<?xml version="1.0"?>
<help language="java">
    
    <defect id="JNDI.PRINT">        
        <description>            
            Sensitive JNDI information leak            
        </description>
        <risks>            
            Revealing details about an JNDI storage is a security issue because it provides attackers with information they can use to further their attacks.
        </risks>
        <prevention>            
            Filter all the data coming from the JNDI in order to prevent sensitive information leaks.
        </prevention>
        
        <examples>            
            <example line="1">                
                <![CDATA[
                
import javax.naming.*;

public class Sample1 {

    public void test(final Context context) throws Exception {
    
        final NamingEnumeration<NameClassPair> enumeration = context.list("*");
        System.out.println(enumeration );
        
    }
    
}

            ]]>
            
                <description>                    
                    JNDI.PRINT is reported on line 7.                    
                </description>                
            </example>            
        </examples>        
    </defect>    
</help>

Related Topics Link IconSee also