Uploaded image for project: 'Rules Repository'
  1. Rules Repository
  2. RSPEC-2657

EJB's should not use class loaders

    XMLWordPrintable

    Details

    • Type: Bug Detection
    • Status: Active
    • Resolution: Unresolved
    • Labels:
    • Message:
      Remove this use of a [class loader|"SecurityManager"].
    • Default Severity:
      Major
    • Impact:
      Low
    • Likelihood:
      High
    • Default Quality Profiles:
      Sonar way
    • Targeted languages:
      Java
    • Irrelevant for Languages:
      ABAP, C#, C, C++, Cobol, Flex, HTML, JavaScript, Objective-C, PHP, PL/I, PL/SQL, Python, RPG, Swift, VB.Net, VB6, XML
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      45min
    • Implementation details:
    • CWE:
      CWE-578
    • FindBugs:
      DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED

      Description

      According to the EJB specification, EJB's:

      ...must not attempt to create a class loader; obtain the current class loader; set the context class loader...

      This rule raises an issue each time an EJB obtains a class loader.

      Noncompliant Code Example

      ClassLoader loader = this.getClass().getClassLoader();  // Noncompliant
      ClassLoader loader = new MyClassLoader();  // Noncompliant
      

      See

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              ann.campbell.2 Ann Campbell
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated: