The product’s design documentation does not adequately describe
control flow, data flow, system initialization, relationships between tasks,
components, rationales, or other important aspects of the
design.
Modes of Introduction:
When a Java application uses the Java Native Interface (JNI) to call code written in another programming language, it can expose the application to weaknesses in that code, even if those weaknesses cannot occur in Java.
Many safety features that programmers may take for granted do not apply for native code, so you must carefully review all such code for potential problems. The languages used to implement native code may be more susceptible to buffer overflows and other attacks. Native code is unprotected by the security features enforced by the runtime environment, such as strong typing and array bounds checking.
Modes of Introduction:
– Implementation
Access Control: Bypass Protection Mechanism
Phase: Implementation
Description:
Implement error handling around the JNI call.
Phase: Implementation
Description:
Do not use JNI calls if you don’t trust the native library.
Phase: Implementation
Description:
Be reluctant to use JNI calls. A Java API equivalent may exist.
The code contains a callable, block, or other code element in
which the same variable is used to control more than one unique task or store
more than one instance of data.
Modes of Introduction:
Other: Reduce Maintainability
The code is structured in a way that relies too much on using
or setting global variables throughout various points in the code, instead of
preserving the associated information in a narrower, more local
context.
Modes of Introduction:
Other: Reduce Maintainability
The source code uses symbolic constants, but it does not
sufficiently place the definitions of these constants into a more centralized or
isolated location.
Modes of Introduction:
Other: Reduce Maintainability
The source code uses literal constants that may need to change
or evolve over time, instead of using symbolic constants.
Modes of Introduction:
Other: Reduce Maintainability
The product or code uses machine-dependent functionality, but
it does not sufficiently encapsulate or isolate this functionality from
the rest of the code.
Modes of Introduction:
Other: Reduce Maintainability
The product relies on third-party components that are not
actively supported or maintained by the original developer or a trusted proxy
for the original developer.
Modes of Introduction:
Other: Reduce Maintainability
The product relies on third-party software components that do
not provide equivalent functionality across all desirable
platforms.
Modes of Introduction:
Other: Reduce Maintainability
The code uses a data representation that relies on low-level
data representation or constructs that may vary across different processors,
physical machines, OSes, or other physical components.
Modes of Introduction:
Other: Reduce Maintainability