Granting of dangerous permissions detected
- Rule ID: java_lang_dangerous_permissions
- Languages: java
- Source: dangerous_permissions.yml
Granting certain Java security permissions is improper privilege management: they hand code the means to step outside the sandbox that the security policy is meant to enforce.
Granting RuntimePermission("createClassLoader") lets code instantiate its own class loaders (the check that the ClassLoader constructors perform through SecurityManager.checkCreateClassLoader) and so load arbitrary classes from any location.
Granting ReflectPermission("suppressAccessChecks") lets code call setAccessible(true) on reflected members, which removes Java language access checks and gives unrestricted access to protected and private class members.
❌ Do not grant RuntimePermission("createClassLoader")
❌ Do not grant ReflectPermission("suppressAccessChecks")
✅ Grant only the permissions a component actually needs, and never RuntimePermission("createClassLoader") or ReflectPermission("suppressAccessChecks"), so that no unauthorized class loader can be instantiated and no access check can be suppressed.
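The following is an added example and not Bearer's own code or part of the rule definition. It assumes an application that assembles a java.security.Permissions set for a sandboxed component from a caller-supplied list; the hypothetical grantAll method shows the pattern this rule flags (everything requested is granted, including the two dangerous permissions), and grantFiltered shows the hardened form, which refuses them. Permission.implies is used for the check so that a wildcard grant such as RuntimePermission("*") is rejected as well.

```java
import java.lang.reflect.ReflectPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.List;

// Added example (not Bearer's code): building the permission set handed to a
// sandboxed component, with and without rejecting the grants this rule flags.
public class SafePermissionGrant {

    // Permissions that must never be granted to untrusted code.
    private static final List<Permission> DENIED = List.of(
        new RuntimePermission("createClassLoader"),
        new ReflectPermission("suppressAccessChecks"));

    // ❌ Vulnerable: grants whatever the caller asks for, dangerous permissions included.
    static Permissions grantAll(List<Permission> requested) {
        Permissions perms = new Permissions();
        for (Permission p : requested) {
            perms.add(p);
        }
        return perms;
    }

    // ✅ Hardened: fails closed instead of silently granting a dangerous permission.
    static Permissions grantFiltered(List<Permission> requested) {
        Permissions perms = new Permissions();
        for (Permission p : requested) {
            for (Permission denied : DENIED) {
                // implies() also catches wildcard grants such as RuntimePermission("*"),
                // which a plain equals() comparison would let through.
                if (p.implies(denied)) {
                    throw new SecurityException("refusing to grant " + p);
                }
            }
            perms.add(p);
        }
        return perms;
    }

    public static void main(String[] args) {
        // Constructed request list: one harmless permission and one that is flagged.
        List<Permission> requested = List.of(
            new RuntimePermission("getenv.HOME"),
            new ReflectPermission("suppressAccessChecks"));

        Permissions unsafe = grantAll(requested);
        System.out.println("unsafe set implies suppressAccessChecks: "
            + unsafe.implies(new ReflectPermission("suppressAccessChecks")));

        try {
            grantFiltered(requested);
            System.out.println("hardened set: granted (unexpected)");
        } catch (SecurityException e) {
            System.out.println("hardened set: " + e.getMessage());
        }
    }
}
```

The same applies to policy files: a `grant` block containing `permission java.lang.RuntimePermission "createClassLoader";` or `permission java.lang.reflect.ReflectPermission "suppressAccessChecks";` should be treated as a finding. Note that the SecurityManager that enforces these permissions is deprecated for removal since JDK 17 (JEP 411), so it should not be the only boundary between trusted and untrusted code.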
OWASP Top 10
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=java_lang_dangerous_permissions
To run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=java_lang_dangerous_permissions