16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
38 lines
773 B
Plaintext
38 lines
773 B
Plaintext
== Why is this an issue?
|
|
|
|
According to the EJB specification, EJB's:
|
|
|
|
____
|
|
...must not attempt to create a class loader; obtain the current class loader; set the context class loader...
|
|
____
|
|
|
|
|
|
This rule raises an issue each time an EJB obtains a class loader.
|
|
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,java]
|
|
----
|
|
ClassLoader loader = this.getClass().getClassLoader(); // Noncompliant
|
|
ClassLoader loader = new MyClassLoader(); // Noncompliant
|
|
----
|
|
|
|
|
|
== Resources
|
|
|
|
* https://cwe.mitre.org/data/definitions/578[MITRE, CWE-578] - EJB Bad Practices: Use of Class Loader
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Remove this use of a [class loader|"SecurityManager"].
|
|
|
|
|
|
endif::env-github,rspecator-view[]
|