ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S2658/java/rule.adoc

14 lines
463 B
Plaintext
Raw Normal View History

Add rules 2000-2999
2020-06-30 12:48:07 +02:00
Dynamically loaded classes could contain malicious code executed by a static class initializer. I.E. you wouldn't even have to instantiate or explicitly invoke methods on such classes to be vulnerable to an attack.
Force linebreaks
2021-02-02 15:02:10 +01:00
Add rules 2000-2999
2020-06-30 12:48:07 +02:00
This rule raises an issue for each use of dynamic class loading.
== Noncompliant Code Example
----
String className = System.getProperty("messageClassName");
Class clazz = Class.forName(className); // Noncompliant
----
include::../see.adoc[]
Reference in New Issue Copy Permalink