-
Enhancement
-
Resolution: Won't Fix
-
P4
-
None
-
15
-
generic
-
generic
A DESCRIPTION OF THE PROBLEM :
For many classes of the JDK incorrect or careless usage can lead to security vulnerabilities. However, often the documentation of these classes or methods does not mention the security implications and they are not obvious from the class itself.
Examples for this are:
- ZipFile: "Zip bomb", Zip quine
- ZipEntry.getName(): ZipSlip vulnerability
- XML processing classes: XXE
- Runtime.exec(String): Command injection
- Unsafe: Native memory access without bound checks
- ...
It would therefore be good to add a block tag `@security` to the Standard Doclet to allow describing security implications or giving security advisories. This tag should be publicly available (and not limited to usage by the JDK) because libraries, especially ones which work with untrusted user data, also have the need to document security implications. The generated HTML should clearly highlight the `@security` content, similar to `@deprecated` (though maybe not as extreme).
The content of the @security tag could then consist of:
- Security implications
- Security advisories
- References to safer alternatives
- References to external advisories, e.g.:
- Oracle Secure Coding Guidelines for Java SE
- CWE
- OWASP
For many classes of the JDK incorrect or careless usage can lead to security vulnerabilities. However, often the documentation of these classes or methods does not mention the security implications and they are not obvious from the class itself.
Examples for this are:
- ZipFile: "Zip bomb", Zip quine
- ZipEntry.getName(): ZipSlip vulnerability
- XML processing classes: XXE
- Runtime.exec(String): Command injection
- Unsafe: Native memory access without bound checks
- ...
It would therefore be good to add a block tag `@security` to the Standard Doclet to allow describing security implications or giving security advisories. This tag should be publicly available (and not limited to usage by the JDK) because libraries, especially ones which work with untrusted user data, also have the need to document security implications. The generated HTML should clearly highlight the `@security` content, similar to `@deprecated` (though maybe not as extreme).
The content of the @security tag could then consist of:
- Security implications
- Security advisories
- References to safer alternatives
- References to external advisories, e.g.:
- Oracle Secure Coding Guidelines for Java SE
- CWE
- OWASP