Insecure inherited permissions
ID | scala.perm.scala_perm_rule_dangerouspermissions
Severity | low
Resource | Perm
Language | Scala
Rationale
Do not grant dangerous combinations of permissions.
The following code illustrates a vulnerable pattern detected by this rule:
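    import java.lang.reflect.ReflectPermission
    import java.net.{URL, URLClassLoader}
    import java.security.{CodeSource, PermissionCollection}
    class Loader(urls: Array[URL]) extends URLClassLoader(urls) { // hypothetical enclosing class, so that super resolves
      def danger(cs: CodeSource): Unit = {
        val pc: PermissionCollection = super.getPermissions(cs)
        // VULNERABLE: Insecure inherited permissions
        pc.add(new ReflectPermission("suppressAccessChecks"))
      }
    }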
Remediation
Follow secure coding practices and review the references below for detailed remediation guidance.
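One way to keep the flagged permission out of a loader's grants, as an added example that is not part of this rule's own documentation: the inherited collection is copied without any entry that implies a dangerous permission. The names `PermissionAudit` and `RestrictedLoader` are hypothetical, the deny list (which adds `createClassLoader` to the permission shown above) is an assumption, and Scala 2.13 or later is assumed.

```scala
import java.io.FilePermission
import java.lang.reflect.ReflectPermission
import java.net.{URL, URLClassLoader}
import java.security.{CodeSource, Permission, PermissionCollection, Permissions}
import scala.jdk.CollectionConverters._

object PermissionAudit {
  // Assumed deny list: the permission from the rule's example plus createClassLoader.
  val dangerous: Seq[Permission] = Seq(
    new ReflectPermission("suppressAccessChecks"),
    new RuntimePermission("createClassLoader")
  )

  // Dangerous permissions the collection grants, either directly or through
  // a broader entry such as AllPermission.
  def granted(pc: PermissionCollection): Seq[Permission] =
    dangerous.filter(d => pc.implies(d))

  // Copy of pc without any entry that implies a dangerous permission.
  def strip(pc: PermissionCollection): Permissions = {
    val safe = new Permissions()
    pc.elements().asScala
      .filterNot(p => dangerous.exists(d => p.implies(d)))
      .foreach(p => safe.add(p))
    safe
  }
}

// Hypothetical loader: hands out the inherited permissions minus the deny list,
// and never adds anything to what the parent class computed.
class RestrictedLoader(urls: Array[URL]) extends URLClassLoader(urls) {
  override protected def getPermissions(cs: CodeSource): PermissionCollection =
    PermissionAudit.strip(super.getPermissions(cs))
}

object Demo {
  def main(args: Array[String]): Unit = {
    // Constructed sample collection, standing in for an inherited grant set.
    val pc = new Permissions()
    pc.add(new FilePermission("/tmp/app/-", "read"))
    pc.add(new ReflectPermission("suppressAccessChecks"))

    println(s"before: ${PermissionAudit.granted(pc).map(_.getName)}")
    println(s"after:  ${PermissionAudit.granted(PermissionAudit.strip(pc)).map(_.getName)}")
  }
}
```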
References
- OWASP Top 10 2021 - A01: Broken Access Control.