ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S2657/java/rule.adoc
Egon Okerman d1417e82f8
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529) 
* Fix all CWE references

* Fix all OWASP references

* Fix missing CWE prefixes
2024-01-15 17:15:56 +01:00

38 lines
772 B
Plaintext
Raw Blame History

== Why is this an issue?
According to the EJB specification, EJB's:
____
...must not attempt to create a class loader; obtain the current class loader; set the context class loader...
____
This rule raises an issue each time an EJB obtains a class loader.
=== Noncompliant code example
[source,java]
----
ClassLoader loader = this.getClass().getClassLoader(); // Noncompliant
ClassLoader loader = new MyClassLoader(); // Noncompliant
----
== Resources
* CWE - https://cwe.mitre.org/data/definitions/578[CWE-578 - EJB Bad Practices: Use of Class Loader]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
=== Message
Remove this use of a [class loader|"SecurityManager"].
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink