Inspectopedia Help

Call to 'System.loadLibrary()' with non-constant string

Reports calls to java.lang.System.loadLibrary(), java.lang.System.load(), java.lang.Runtime.loadLibrary() and java.lang.Runtime.load() which take a dynamically-constructed string as the name of the library.

Constructed library name strings are a common source of security breaches. By default, this inspection ignores compile-time constants.

Example:

void test(int i) { System.loadLibrary("foo" + i); }

Locating this inspection

By ID

Can be used to locate inspection in e.g. Qodana configuration files, where you can quickly enable or disable it, or adjust its settings.

LoadLibraryWithNonConstantString
Via Settings dialog

Path to the inspection settings via IntelliJ Platform IDE Settings dialog, when you need to adjust inspection settings directly from your IDE.

Settings or Preferences | Editor | Inspections | Java | Security

Use the inspection settings to consider any static final fields as constant. Be careful, because strings like the following will be ignored when the option is enabled:

private static final String LIBRARY = getUserInput();

Inspection options

Here you can find the description of settings available for the Call to 'System.loadLibrary()' with non-constant string inspection, and the reference of their default values.

Consider 'static final' fields constant

Not selected

Inspection Details

By default bundled with:

IntelliJ IDEA 2024.2, Qodana for JVM 2024.2,

Can be installed with plugin:

Java, 242.22892

Last modified: 11 September 2024
Call to 'Statement.execute()' with non-constant stringCall to 'System.setSecurityManager()'