Reports calls to java.lang.System.loadLibrary(), java.lang.System.load(), java.lang.Runtime.loadLibrary()
and java.lang.Runtime.load()
which take a dynamically-constructed string as the name of the library.
Constructed library name strings are a common source of security breaches.
By default this inspection ignores compile-time constants.
Use the checkbox below to consider any static final fields as constant.
Be careful, because strings like the following will be ignored when the option is enabled:
private static final String LIBRARY = getUserInput();