SV.TAINT_NATIVE

This error occurs when unchecked user input is passed to native method calls.

Vulnerability and risk

Native code is usually C/C++ code. This language carries inherent security risks. If a user input enters native code, it can create much more dangerous problems than any error in Java code, such as buffer overflows and denial-of-service (DoS) by a JVM crash.

Klocwork security vulnerability (SV) checkers identify calls that create potentially dangerous data; these calls are considered unsafe sources. An unsafe source can be any data provided by the user, since the user could be an attacker or has the potential for introducing human error.

Mitigation and prevention

Sanitize all user data before passing it to native methods. At the very least, check user data for size and for dangerous symbols such as '\0'. In addition, normalizing the strings before checking them for dangerous symbols is highly recommended.

Example 1

14     protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
15         String name = req.getParameter("userName");
16         processNatively(name);
17     }
18 
19     private native void processNatively(String name);

SV.TAINT_NATIVE is reported for line 16: tainted data from 'name' goes to a native code call which can have BufferOverflows and other critical errors.

Security guidelines

• CWE-20: Improper Input Validation
• OWASP 2013:A10 Unvalidated Redirects and Forwards
• STIG-ID:APP3590.1 Application is vulnerable to buffer overflows
• STIG-ID:APP3590.2 Application is vulnerable to buffer overflows
• STIG-ID:APP3760 Web Service Availability
• STIG-ID:APP3780 Web Service Availability
• IDS01-J. Normalize strings before validating them

Extension

This checker can be extended through the Klocwork knowledge base. See Tuning Java analysis for more information.