Java Developer Tools

Audit - Rules - API Usage

Description
This group contains audit rules that look for API usage opportunities to make the code more secure, either by using a different API or by not using part of an API altogether.

Rules:

Details

Class Extends java.security.Policy

Summary
Classes should not extend java.security.Policy.

Description
This audit rule looks for classes that subclass the class java.security.Policy.

Security Implications
Allowing an implementation of java.security.Policy could lead to a security (and/or permission) breach.

Example
The following class would be flagged as a violation because it extends java.security.Policy:

    import java.security.Policy;

    class MyClass extends Policy
    {
            ...
    }

Deprecated Method Found

Summary
Deprecated API is error-prone and is a potential security threat and thus should not be used.

Description
Old API is sometimes marked deprecated because its implementation is designed in a way that can be error-prone. Deprecated API should be avoided where possible.

Security Implications
Blocks of code that use deprecated API are designed in a careless manner and thus are a potential security threat.

Example
The following code would be flagged as a violation because it uses a deprecated method:

    public void resumeChild() {
        // Thread.resume() is deprecated; this call is what the rule flags.
        getChildThread().resume();
    }

Relative Library Path

Summary
Always use absolute paths when loading libraries.

Description
This audit rule looks for places where libraries are loaded using a relative file path.

Security Implications
Loading libraries without specifying an absolute path can cause the program to load malicious libraries supplied by an attacker.

Example
The following code uses System.loadLibrary() to load code from a native library named library.dll, which is normally found in a standard system directory.

    System.loadLibrary("library.dll");
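The hardened form of the call above, as an added example that is not part of the original page: the library is loaded with System.load() from an absolute, canonical path under a directory the application controls, so java.library.path is never consulted. The install directory /opt/myapp/lib and the library file name libmyjni.so are assumptions.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;

// Added example (not from the page): load a native library only from an
// absolute, canonical location beneath an application-controlled directory.
public final class SafeNativeLoader {
    // Hypothetical install directory; a real deployment supplies this value.
    private static final Path LIBRARY_DIR = Paths.get("/opt/myapp/lib").toAbsolutePath();

    private SafeNativeLoader() {}

    // Resolves fileName against LIBRARY_DIR, follows symlinks to the real path,
    // rejects anything that does not sit directly inside LIBRARY_DIR (so "../x"
    // and symlinks pointing elsewhere are refused), then loads it by absolute
    // path. Returns the path that was actually loaded.
    public static Path load(String fileName) throws IOException {
        Path base = LIBRARY_DIR.toRealPath();
        Path candidate = base.resolve(fileName).toRealPath();
        if (!candidate.isAbsolute() || !base.equals(candidate.getParent())) {
            throw new SecurityException(
                "refusing to load native library outside " + base + ": " + fileName);
        }
        // System.load() requires an absolute path; System.loadLibrary() would
        // instead search java.library.path, which is what the audit rule flags.
        System.load(candidate.toString());
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Flagged form (relative name resolved through a search path):
        //   System.loadLibrary("library");
        // Hardened form (explicit absolute path under a controlled directory):
        System.out.println("loaded " + load("libmyjni.so"));
    }
}
```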

Use Privileged Code Sparingly
