JAVA.NATIVE.PUBLIC

Define wrappers around native methods

Vulnerability and risk

Public native operations may be invoked beyond their intended usage and can lead to a security threat.

Mitigation and prevention

Native methods should not be public. Ensure native operations are made private by removing the public keyword, and introduce wrapper methods to validate usage.

Vulnerable code example

package com.klocwork;

public class JAVA_NATIVE_PUBLIC_POSITIVE {
    // Flagged: a public native method can be called directly by any code, with no validation
    public native void test(String args[]);
}

Fixed code example

package com.klocwork;

public class JAVA_NATIVE_PUBLIC_NEGATIVE {
    // No public modifier: the native method can no longer be called from outside its package
    native void test(String args[]);
}
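
The mitigation also calls for wrapper methods that validate usage, which the fixed example does not show. The following is an added example, not Klocwork's own code: the class name, the `test0` native method and the size limits are assumptions, the native method is declared `private`, and no native library is linked, so the one valid call ends in `UnsatisfiedLinkError` after validation has passed.

```java
import java.util.Objects;

public final class NativeWrapperExample {
    // Constructed limits for illustration; use bounds the native code is known to handle.
    private static final int MAX_ARGS = 16;
    private static final int MAX_ARG_LENGTH = 256;

    // Private: only the wrapper in this class can reach the native entry point.
    private native void test0(String[] args);

    // Public wrapper: validates the input, then hands a private copy to native code.
    public void test(String[] args) {
        Objects.requireNonNull(args, "args must not be null");
        // Copy before checking so the caller cannot swap elements after validation.
        String[] copy = args.clone();
        if (copy.length > MAX_ARGS) {
            throw new IllegalArgumentException("too many arguments: " + copy.length);
        }
        for (int i = 0; i < copy.length; i++) {
            if (copy[i] == null) {
                throw new IllegalArgumentException("args[" + i + "] is null");
            }
            if (copy[i].length() > MAX_ARG_LENGTH) {
                throw new IllegalArgumentException("args[" + i + "] is too long");
            }
        }
        test0(copy);
    }

    public static void main(String[] argv) {
        NativeWrapperExample w = new NativeWrapperExample();
        // Constructed inputs that must be rejected before any native code runs.
        String tooLong = new String(new char[MAX_ARG_LENGTH + 1]);
        String[][] bad = { null, {"ok", null}, {tooLong}, new String[MAX_ARGS + 1] };
        for (String[] input : bad) {
            try {
                w.test(input);
            } catch (NullPointerException | IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
        try {
            w.test(new String[] {"hello"});
        } catch (UnsatisfiedLinkError e) {
            System.out.println("validated; no native library is linked in this example");
        }
    }
}
```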

External guidance