2020-06-30 14:41:58 +02:00
include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
----
class A {
void foo(String fmt, Object args) throws Exception {
// Sensitive. Check how the standard input is used.
System.in.read();
// Sensitive. Check how safe this new InputStream is.
System.setIn(new java.io.FileInputStream("test.txt"));
java.io.Console console = System.console();
// Sensitive. All the following calls should be reviewed as they use the standard input.
console.reader();
console.readLine();
console.readLine(fmt, args);
console.readPassword();
console.readPassword(fmt, args);
}
}
----
== Exceptions
2021-01-27 13:42:22 +01:00
All references to ``++System.in++`` will create issues except direct calls to ``++System.in.close()++``.
2020-06-30 14:41:58 +02:00
Command line parsing libraries such as JCommander often read standard input when asked for passwords. However this rule doesn't raise any issue in this case as another hotspot rule covers command line arguments.
include::../see.adoc[]
