mirror of
https://gitflic.ru/project/openide/openide.git
synced 2025-12-16 22:51:17 +07:00
24 lines
837 B
HTML
<html>
<body>
Reports calls to <code>java.lang.System.loadLibrary()</code>, <code>java.lang.System.load()</code>, <code>java.lang.Runtime.loadLibrary()</code>
and <code>java.lang.Runtime.load()</code>
which take a dynamically-constructed string as the name of the library.
<p>
  Constructed library name strings are a common source of security breaches.
  By default, this inspection ignores compile-time constants.</p>
<p><b>Example:</b></p>
<pre><code>
  void test(int i) {
    System.loadLibrary("foo" + i);
  }
</code></pre>
<!-- tooltip end -->
<p>
  Use the inspection settings to consider any <code>static final</code> fields as constant.
  Be careful, because strings like the following will be ignored when the option is enabled:
</p>
<pre><code>
  private static final String LIBRARY = getUserInput();
</code></pre>
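<p>
  The sketch below is an added example, not part of the original inspection description or the project's code. It contrasts the reported form with a loader in which every <code>loadLibrary()</code> argument is a compile-time constant; the class name, the <code>codec_*</code> library names and the <code>codec.lib</code> property are hypothetical.
</p>

```java
public class NativeCodecLoader {
    // Compile-time constants: literal initializers, fixed when the class is compiled.
    // The library names are hypothetical and used only for illustration.
    private static final String FAST = "codec_fast";
    private static final String SAFE = "codec_safe";

    // static final, but NOT a compile-time constant: the value is read when the
    // class is initialized. With the "static final fields as constant" option
    // enabled, a load call using this field would no longer be reported.
    private static final String FROM_PROPERTY = System.getProperty("codec.lib", "");

    /** Reported form: caller-supplied text becomes part of the library name. */
    static void loadUnchecked(String variant) {
        System.loadLibrary("codec_" + variant);
    }

    /**
     * Hardened form: the caller only selects among fixed names. The request
     * string itself never reaches loadLibrary(), and unknown values are rejected.
     */
    static void loadChecked(String variant) {
        switch (variant) {
            case "fast":
                System.loadLibrary(FAST);
                break;
            case "safe":
                System.loadLibrary(SAFE);
                break;
            default:
                throw new IllegalArgumentException("unknown codec variant");
        }
    }

    public static void main(String[] args) {
        // Constructed input: a value that is not one of the known variants.
        try {
            loadChecked("beta");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```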
</body>
</html>