The code contains a callable, block, or other code element in
which the same variable is used to control more than one unique task or store
more than one instance of data.
Modes of Introduction:
Other: Reduce Maintainability
When a Java application uses the Java Native Interface (JNI) to call code written in another programming language, it can expose the application to weaknesses in that code, even if those weaknesses cannot occur in Java.
Many safety features that programmers may take for granted do not apply for native code, so you must carefully review all such code for potential problems. The languages used to implement native code may be more susceptible to buffer overflows and other attacks. Native code is unprotected by the security features enforced by the runtime environment, such as strong typing and array bounds checking.
Modes of Introduction:
– Implementation
Access Control: Bypass Protection Mechanism
Phase: Implementation
Description:
Implement error handling around the JNI call.
Phase: Implementation
Description:
Do not use JNI calls if you don’t trust the native library.
Phase: Implementation
Description:
Be reluctant to use JNI calls. A Java API equivalent may exist.
The product’s design documentation does not adequately describe
control flow, data flow, system initialization, relationships between tasks,
components, rationales, or other important aspects of the
design.
Modes of Introduction:
The product’s documentation does not adequately define inputs,
outputs, or system/software interfaces.
Modes of Introduction:
The document does not fully define all mechanisms that are used
to control or influence how product-specific programs are
executed.
Modes of Introduction:
The source code uses comment styles or formats that are
inconsistent or do not follow expected standards for the
product.
Modes of Introduction:
The source code contains whitespace that is inconsistent across
the code or does not follow expected standards for the
product.
Modes of Introduction:
The source code contains elements such as source files
that do not consistently provide a prologue or header that has been
standardized for the project.
Modes of Introduction:
The source code contains comments that do not accurately
describe or explain aspects of the portion of the code with which the comment is
associated.
Modes of Introduction:
Other: Reduce Maintainability
The code contains a function or method whose signature and/or associated
inline documentation does not sufficiently describe the callable’s inputs, outputs,
side effects, assumptions, or return codes.
Modes of Introduction:
Other: Reduce Maintainability