Call to 'System.loadLibrary()' with non-constant string
Reports calls to java.lang.System.loadLibrary()
, java.lang.System.load()
, java.lang.Runtime.loadLibrary()
and java.lang.Runtime.load()
which take a dynamically-constructed string as the name of the library.
Constructed library name strings are a common source of security breaches. By default, this inspection ignores compile-time constants.
Example:
void test(int i) {
System.loadLibrary("foo" + i);
}
- By ID
Can be used to locate inspection in e.g. Qodana configuration files, where you can quickly enable or disable it, or adjust its settings.
LoadLibraryWithNonConstantString
Use the inspection settings to consider any static final
fields as constant. Be careful, because strings like the following will be ignored when the option is enabled:
private static final String LIBRARY = getUserInput();
Here you can find the description of settings available for the Call to 'System.loadLibrary()' with non-constant string inspection, and the reference of their default values.
Inspection Details | |
---|---|
By default bundled with: | |
Can be installed with plugin: | Java, 243.23126 |
Thanks for your feedback!