what is the solution for IBM AppScan tool PrivilegeEscalation

 
Ranch Hand
Posts: 53
Hi Team,

I scanned my project using the IBM AppScan tool. The tool generated a report and it contains one 'Medium' defect type.
The defect type is: 'PrivilegeEscalation' and the category is: CWE-266: Incorrect Privilege Assignment

Defect detail:


My Java Code is:


I am not able to find the solution.
Please help me
Thanks in advance
 
Marshal
Posts: 5731
I expect the complaint is that you're using the reflection library to get hold of class and method objects in order to perform some comparison on them. By virtue of using reflection you are circumventing the access scope assigned to those resources, hence the "Incorrect Privilege Assignment" complaint. That's my best assessment at least and could be incorrect.

My primary concern with this code is the use of the reflection library. I don't see a good reason for it.
 
Robert Jack
Ranch Hand
Posts: 53
Thanks Tim Cooke for your response.

Yes. We are using the reflection API. But I am not clear how to solve this defect type.

 
Tim Cooke
Marshal
Posts: 5731
My first attempt would be to find a solution that does not use Reflection.

Besides, this Comparator implementation makes no sense to me at all. You are comparing two String types which is very simple, yet you've complicated things hugely by adding into the Comparator the responsibility of obtaining those Strings through a method call on an Object, and then you go on to make it so generic that the implementation is horrible. A Comparator should do one thing and one thing only, and that's to compare two values. The responsibility of obtaining those values belongs elsewhere.
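
Added example, not part of the original thread or of any poster's code: a sketch of the refactoring the reply above suggests, where the comparator only compares and the caller supplies a typed key extractor instead of a method name looked up through reflection. The question's code is not shown on the page, so the `reflective` variant, the `Employee` class and all other names here are constructed stand-ins.

```java
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;
import java.util.function.Function;

public class ComparatorWithoutReflection {

    // Constructed sample type; not from the original post.
    static final class Employee {
        private final String name;
        Employee(String name) { this.name = name; }
        public String getName() { return name; }
        @Override public String toString() { return name; }
    }

    // "Before" (constructed stand-in): the getter is resolved by name at run time,
    // so the compiler cannot check which method is called or on which type.
    static Comparator<Object> reflective(String getterName) {
        return (a, b) -> {
            try {
                Method ma = a.getClass().getMethod(getterName);
                Method mb = b.getClass().getMethod(getterName);
                return ((String) ma.invoke(a)).compareTo((String) mb.invoke(b));
            } catch (ReflectiveOperationException e) {
                throw new IllegalStateException(e);
            }
        };
    }

    // "After": the caller passes a typed key extractor; the comparator only compares.
    // Null keys sort first instead of throwing NullPointerException.
    static <T> Comparator<T> byStringKey(Function<? super T, String> key) {
        return Comparator.comparing(key, Comparator.nullsFirst(Comparator.naturalOrder()));
    }

    public static void main(String[] args) {
        List<Employee> staff = new ArrayList<>(List.of(
                new Employee("Ravi"), new Employee("Anna"), new Employee("Miguel")));

        staff.sort(reflective("getName"));          // method name only checked at run time
        System.out.println(staff);

        staff.sort(byStringKey(Employee::getName)); // checked by the compiler, no reflection
        System.out.println(staff);
    }
}
```

With the method reference, the set of methods the comparator can invoke is fixed at compile time, which removes the reflective lookup the reply identifies as the likely source of the finding.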
 