SV.CLEXT.POLICY

Code inspection rule. SV.CLEXT.POLICY occurs when a class extends java.security.Policy.

Vulnerability and risk

Allowing implementations of 'java.security.Policy' could lead to a security and/or permissions breach.

Klocwork security vulnerability (SV) checkers identify calls that create potentially dangerous data; these calls are considered unsafe sources. An unsafe source can be any data provided by the user, since the user could be an attacker or has the potential for introducing human error.

Mitigation and prevention

Avoid extending java.security.Policy.

Example 1

Copy

13
14
15
16
17
18
19
20
     class MyPolicy extends Policy {
         //  example end
         public PermissionCollection getPermissions(CodeSource codesource) {
             return null;
         }
         public void refresh() {
         }
     }

SV.CLEXT.POLICY is reported for class declaration on line 13: Class 'com.klocwork.jdefects.checkers.ast.samples.SV_CLEXT_POLICY_Sample_1$MyPolicy' extends 'java.security.Policy'.

External guidance

CERT ENV03-J: Do not grant dangerous combinations of permissions