View Help Online

Start here

Reference

MISRA C 2004 checkers

MISRA C++ 2008 checkers

MISRA C 2012 checkers

MISRA C 2012 checkers with Amendment 1

Troubleshooting

Product components

C/C++ Integration build analysis

Java Integration build analysis

Desktop analysis

Klocwork Static Code Analysis

Klocwork Code Review

Custom checkers

Coding environments

Eclipse for C/C++

Eclipse for Java

Administration

Project configuration

Build configuration

Analysis performance

Server performance

Security/permissions

Klocwork Static Code Analysis Web API

Klocwork Code Review Web API

Community

View help online

Visit RogueWave.com

Klocwork Support

Rogue Wave Videos

Legal

Legal information

SV.CLEXT.POLICY

Code inspection rule. SV.CLEXT.POLICY occurs when a class extends java.security.Policy.

Vulnerability and risk

Allowing implementations of 'java.security.Policy' could lead to a security and/or permissions breach.

Klocwork security vulnerability (SV) checkers identify calls that create potentially dangerous data; these calls are considered unsafe sources. An unsafe source can be any data provided by the user, since the user could be an attacker or has the potential for introducing human error.

Mitigation and prevention

Avoid extending java.security.Policy.

Example 1

13     class MyPolicy extends Policy {
14         //  example end
15         public PermissionCollection getPermissions(CodeSource codesource) {
16             return null;
17         }
18         public void refresh() {
19         }
20     }

SV.CLEXT.POLICY is reported for class declaration on line 13: Class 'com.klocwork.jdefects.checkers.ast.samples.SV_CLEXT_POLICY_Sample_1$MyPolicy' extends 'java.security.Policy'.