Granting of dangerous permissions detected

Description

Granting certain permissions is improper privilege management, because those permissions can compromise the security of an application.

In this case, granting RuntimePermission("createClassLoader") puts the application at risk of unauthorized class loaders being instantiated to load arbitrary classes. Granting ReflectPermission("suppressAccessChecks") disables Java language access checks and risks giving unrestricted access to protected and private class members.

Remediations

❌ Do not grant RuntimePermission("createClassLoader")

❌ Do not grant ReflectPermission("suppressAccessChecks")

✅ Avoid granting the RuntimePermission of createClassLoader to prevent the instantiation of unauthorized class loaders and the loading of arbitrary classes.
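The following Java example is added here to illustrate the rule and is not Bearer's own code. It assumes a hypothetical plugin sandbox that builds a Permissions set for plugin code; it shows the grant pattern the rule flags beside the remediated form, and a self-check that uses implies() so that it also reports wildcard grants such as AllPermission, which go beyond the literal grants the description names.

```java
import java.lang.reflect.ReflectPermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.ArrayList;
import java.util.List;
import java.util.PropertyPermission;

public class DangerousGrantCheck {

    // The two grants this rule is about.
    static final Permission[] DANGEROUS = {
        new RuntimePermission("createClassLoader"),
        new ReflectPermission("suppressAccessChecks"),
    };

    // Pattern the rule flags: a hypothetical plugin sandbox hands out both dangerous grants.
    static PermissionCollection flaggedGrants() {
        Permissions perms = new Permissions();
        perms.add(new RuntimePermission("createClassLoader"));    // allows unauthorized class loaders
        perms.add(new ReflectPermission("suppressAccessChecks")); // disables language access checks
        perms.add(new PropertyPermission("plugin.name", "read")); // constructed: what the plugin needs
        return perms;
    }

    // Remediated form: only the narrowly scoped permission the plugin actually needs.
    static PermissionCollection leastPrivilegeGrants() {
        Permissions perms = new Permissions();
        perms.add(new PropertyPermission("plugin.name", "read"));
        return perms;
    }

    // Returns the dangerous permissions that the collection would effectively grant.
    // implies() rather than equals() means RuntimePermission("*") or AllPermission
    // is reported too, not only a literal grant of the named permission.
    static List<Permission> dangerousGrantsIn(PermissionCollection perms) {
        List<Permission> found = new ArrayList<>();
        for (Permission p : DANGEROUS) {
            if (perms.implies(p)) {
                found.add(p);
            }
        }
        return found;
    }

    public static void main(String[] args) {
        System.out.println("flagged:    " + dangerousGrantsIn(flaggedGrants()));
        System.out.println("remediated: " + dangerousGrantsIn(leastPrivilegeGrants()));
        Permissions wildcard = new Permissions();
        wildcard.add(new AllPermission());
        System.out.println("wildcard:   " + dangerousGrantsIn(wildcard));
    }
}
```

A check like dangerousGrantsIn can be called from a unit test on the permission set a sandbox constructs, so a grant that slips past the static scan is still caught before deployment.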

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=java_lang_dangerous_permissions

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=java_lang_dangerous_permissions