mirror of
https://github.com/github/codeql.git
synced 2025-12-28 14:46:33 +01:00
38 lines
1.0 KiB
XML
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>

<overview>
<p>
The Enterprise JavaBeans 3.0 core specification, Section 21.1.2, states:
</p>

<blockquote>
<p>
The enterprise bean must not attempt to query a class to obtain information about the declared
members that are not otherwise accessible to the enterprise bean because of the security rules
of the Java language. The enterprise bean must not attempt to use the Reflection API to access
information that the security rules of the Java programming language make unavailable.
</p>
<p>
Allowing the enterprise bean to access information about other classes and to access the classes in a
manner that is normally disallowed by the Java programming language could compromise security.
</p>
</blockquote>

</overview>
<references>

<li>
<a href="http://jcp.org/aboutJava/communityprocess/final/jsr220/index.html">
JSR-220 Enterprise JavaBeans 3.0 Final Release</a> (ejbcore),
Section 21.1.2 Programming Restrictions
</li>

</references>
</qhelp>