java.lang.security.do-privileged-use.do-privileged-use

Author: semgrep
Download count: 161

Marking code as privileged enables a piece of trusted code to temporarily enable access to more resources than are available directly to the code that called it. Be very careful in your use of the privileged construct, and always remember to make the privileged code section as small as possible.

Definition

rules:
  - id: do-privileged-use
    severity: WARNING
    languages:
      - java
    metadata:
      cwe:
        - "CWE-269: Improper Privilege Management"
      references:
        - https://docs.oracle.com/javase/8/docs/technotes/guides/security/doprivileged.html
        - https://wiki.sei.cmu.edu/confluence/display/java/Privilege+Escalation
        - http://phrack.org/papers/escaping_the_java_sandbox.html
      category: security
      technology:
        - java
      owasp:
        - A04:2021 - Insecure Design
      subcategory:
        - audit
      likelihood: LOW
      impact: MEDIUM
      confidence: LOW
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Improper Authorization
    message: Marking code as privileged enables a piece of trusted code to
      temporarily enable access to more resources than are available directly to
      the code that called it. Be very careful in your use of the privileged
      construct, and always remember to make the privileged code section as
      small as possible.
    patterns:
      - pattern-inside: |
          import java.security.*;
          ...
      - pattern-either:
          - pattern: AccessController.doPrivileged(...);
          - pattern: class $ACTION implements PrivilegedAction<Void> { ... }

Examples

do-privileged-use.java

import java.security.*;

public class NoReturnNoException {

    // ruleid: do-privileged-use
    class MyAction implements PrivilegedAction<Void> {
        public Void run() {
            // Privileged code goes here, for example:
            System.loadLibrary("awt");
            return null; // nothing to return
        }
    }

    public void somemethod() {

        MyAction mya = new MyAction();

        // Become privileged:
        // ruleid: do-privileged-use
        AccessController.doPrivileged(mya);

        // Anonymous class
        // ruleid: do-privileged-use
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            public Void run() {
                // Privileged code goes here, for example:
                System.loadLibrary("awt");
                return null; // nothing to return
            }
        });

        // Lambda expression
        // ruleid: do-privileged-use
        AccessController.doPrivileged((PrivilegedAction<Void>)
            () -> {
                // Privileged code goes here, for example:
                System.loadLibrary("awt");
                return null; // nothing to return
            }
        );
    }

    public static void main(String... args) {
        NoReturnNoException myApplication = new NoReturnNoException();
        myApplication.somemethod();
    }
}
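
The rule message's advice to keep the privileged section as small as possible, as an added example (not part of the Semgrep rule or its test file): a broad privileged block that acts on a caller-chosen value, next to a narrow one that reads a single fixed resource and does the rest unprivileged. The class name, method names and the `CONFIG` path are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.*;

public class NarrowPrivilegedBlock {

    // Hypothetical fixed resource owned by the trusted library.
    private static final Path CONFIG = Paths.get("/etc/myapp/defaults.conf");

    // Too broad: the caller chooses the path, and the parsing also runs
    // inside the privileged block. Any code allowed to call this method
    // borrows the library's file-read permission for a path of its choosing.
    public static int countLinesBroad(final String callerPath) {
        return AccessController.doPrivileged((PrivilegedAction<Integer>) () -> {
            try {
                return Files.readAllLines(Paths.get(callerPath)).size();
            } catch (IOException e) {
                return -1;
            }
        });
    }

    // Narrow: only the single read of a constant path is privileged.
    // No caller-supplied value reaches the block, and the result is
    // processed after the privileged section has ended.
    public static int countLinesNarrow() throws IOException {
        final byte[] raw;
        try {
            raw = AccessController.doPrivileged(
                (PrivilegedExceptionAction<byte[]>) () -> Files.readAllBytes(CONFIG));
        } catch (PrivilegedActionException e) {
            // Only checked exceptions are wrapped; here that is IOException.
            throw (IOException) e.getException();
        }
        // Unprivileged from here on.
        int lines = 0;
        for (byte b : raw) {
            if (b == '\n') {
                lines++;
            }
        }
        return lines;
    }
}
```

When reviewing a finding from this audit rule, the questions the two methods contrast are whether any value from the caller flows into the privileged block and whether everything inside it actually needs the extra permission.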