SV.LOADLIB.INJ

This error is caused if you use ‘System.loadLibrary’ or ‘Runtime.loadLibrary’, both of which are vulnerable to environment injection.

Vulnerability and risk

Both ‘System.loadLibrary’ and ‘Runtime.loadLibrary’ accept a name, not a fully qualified path, which allows a modified PATH to load a library with the same name from an untrusted source. Both run with elevated privileges, and give attacks further control of the system.

Vulnerable code example

1
2
3
4
   public void loadUntrustedLibrary() {
      //loadLibrary will load the first library found on the path with the name untrusted.dll
      System.loadLibrary("untrusted.dll");
   }

The error occurs as ‘loadLibrary’ will load the first library found on the path with the name untrusted.dll. Klocwork flags the error at line 3, stating a call was made to 'loadLibrary' method. This method should not be used in lieu of 'System.load' or 'Runtime.load'.

Fixed code example

1
2
3
   public void loadUntrustedLibrary() {
      System.load("C:\\path\\trusted.dll");
   }

In this example, ’System.load’ takes a filename as its argument, and we can give a fully qualified path. Using a fully qualified path removes any uncertainty as to which file is loaded.

Related checkers

• SV.CLASSLOADER.INJ
• SV.CLASSDEF.INJ
• SV.SCRIPT

External guidance

• CERT JNI01-J: Safely invoke standard APIs that perform tasks using the immediate caller\'s class loader instance (loadLibrary)
• CWE-114: Process Control

Security training

Application security training materials provided by Secure Code Warrior.

• Os Command Injections Training Video - Test your skills with a training example

Extension

This checker can be extended through the Klocwork knowledge base. With a knowledge base update, you can add additional untrusted calls. See Tuning Java analysis for more information.