SV.LOADLIB.INJ
This error is reported when you call ‘System.loadLibrary’ or ‘Runtime.loadLibrary’, both of which are vulnerable to environment injection.
Vulnerability and risk
Both ‘System.loadLibrary’ and ‘Runtime.loadLibrary’ accept a name, not a fully qualified path, so a modified PATH can cause a library with the same name to be loaded from an untrusted source. Both run with elevated privileges, and give attackers further control of the system.
Vulnerable code example
public void loadUntrustedLibrary() {
//loadLibrary will load the first library found on the path with the name untrusted.dll
System.loadLibrary("untrusted.dll");
}
The error occurs because ‘loadLibrary’ loads the first library named untrusted.dll that it finds on the path. Klocwork flags the error at line 3, stating a call was made to 'loadLibrary' method. This method should not be used in lieu of 'System.load' or 'Runtime.load'.
Fixed code example
public void loadUntrustedLibrary() {
System.load("C:\\path\\trusted.dll");
}
In this example, ‘System.load’ takes a filename as its argument, and we can give a fully qualified path. Using a fully qualified path removes any uncertainty as to which file is loaded.
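The following is an added example, not part of the original checker documentation or Klocwork's own code. It goes one step beyond the fix above by building the fully qualified path from a fixed directory and rejecting any name that resolves outside it before calling ‘System.load’. The class name, method names and the directory C:\path are hypothetical and assume the application installs its native libraries in a directory that only administrators can write to.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;

public final class TrustedLibraryLoader {
    // Assumption: native libraries are installed here and the directory is
    // writable only by administrators. Placeholder path, not a real location.
    private static final Path TRUSTED_DIR =
            Paths.get("C:\\path").toAbsolutePath().normalize();

    private TrustedLibraryLoader() {}

    /** Resolves fileName inside TRUSTED_DIR and rejects anything that escapes it. */
    static Path resolveTrusted(String fileName) throws IOException {
        // An absolute fileName or one containing ".." ends up outside TRUSTED_DIR
        // after resolve() and normalize(), and is caught by the startsWith check.
        Path candidate = TRUSTED_DIR.resolve(fileName).normalize();
        if (!candidate.startsWith(TRUSTED_DIR)) {
            throw new SecurityException("Library path escapes trusted directory: " + candidate);
        }
        // Refuse symbolic links and anything that is not a plain file.
        if (!Files.isRegularFile(candidate, LinkOption.NOFOLLOW_LINKS)) {
            throw new SecurityException("Not a regular file: " + candidate);
        }
        // toRealPath() follows links in parent directories; check containment again.
        Path real = candidate.toRealPath();
        if (!real.startsWith(TRUSTED_DIR.toRealPath())) {
            throw new SecurityException("Resolved path leaves trusted directory: " + real);
        }
        return real;
    }

    /** Loads the library by absolute path, so no search path is consulted. */
    public static void loadTrustedLibrary(String fileName) throws IOException {
        System.load(resolveTrusted(fileName).toString());
    }

    public static void main(String[] args) throws IOException {
        // Fails with SecurityException or IOException if the file is missing or untrusted.
        loadTrustedLibrary("trusted.dll");
    }
}
```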
Related checkers
External guidance
Security training
Application security training materials provided by Secure Code Warrior.
Extension
This checker can be extended through the Klocwork knowledge base. With a knowledge base update, you can add additional untrusted calls. See Tuning Java analysis for more information.