CRV2 RevCodeReflectedAntiPatternJava

=Reflection Security Issues=

Java reflection is a mechanism that gives Java programs the ability to change the runtime behavior of an application running within the Java Virtual Machine (JVM). It makes programs easier to write because it helps the software gather the information it needs to implement proper analysis itself (Schildt, 2011); however, it compromises systems because malware can easily bypass the security around the JVM.

Two security vulnerabilities related to the use of Java reflection are CVE-2012-4681 and CVE-2012-5076. Both are related to Java applets, and both involve the use of Java reflection.

==What to look for in the code==
To avoid these security issues, check the following:
 * The Java Runtime Environment (JRE) version is higher than Java SE 7 Update 6
 * Use of classes such as com.sun.beans.finder.ClassFinder.findClass
 * Access to private structures using AccessibleObject.setAccessible, because it breaks encapsulation
 * Use of sun.misc.Unsafe, which provides direct access to memory
 * Correct implementation of java.lang.reflect.ReflectPermission, following best practices as described in Oracle Documents, September 2011
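
A review aid for the checklist above, added here as an example and not part of the original guide: it flags the listed APIs in Java source by line number while ignoring mentions inside comments. The pattern set, the function names and the sample fragment are assumptions made for illustration, and each hit is a pointer for manual review rather than a finding in itself.

```python
import re

# Review checklist from the section above, expressed as patterns over Java source.
CHECKS = [
    ("ClassFinder.findClass", re.compile(r"\bClassFinder\s*\.\s*findClass\b")),
    # Any setAccessible call except the literal setAccessible(false).
    ("setAccessible", re.compile(r"\bsetAccessible\s*\((?!\s*false\s*\))")),
    ("sun.misc.Unsafe",
     re.compile(r"\bsun\.misc\.Unsafe\b|\bUnsafe\s*\.\s*getUnsafe\b|\btheUnsafe\b")),
    ("ReflectPermission", re.compile(r"\bReflectPermission\b")),
]

# String and char literals are matched so that "//" inside them is not taken
# for a comment; only comments are blanked. Java text blocks are not handled.
_TOKEN = re.compile(
    r'"(?:\\.|[^"\\\n])*"' r"|'(?:\\.|[^'\\\n])*'" r"|//[^\n]*|/\*.*?\*/",
    re.DOTALL,
)

def _blank_comments(match):
    text = match.group()
    if text.startswith(("//", "/*")):
        return re.sub(r"[^\n]", " ", text)  # keep newlines so line numbers hold
    return text  # literals stay: Class.forName("sun.misc.Unsafe") matters

def scan(java_source):
    # Returns (line_number, check_name) pairs, ordered by line, for follow-up.
    cleaned = _TOKEN.sub(_blank_comments, java_source)
    findings = []
    for lineno, line in enumerate(cleaned.splitlines(), 1):
        for name, pattern in CHECKS:
            if pattern.search(line):
                findings.append((lineno, name))
    return findings

# Constructed Java fragment used as sample input, not taken from any real project.
SAMPLE = '''\
import sun.misc.Unsafe;
// f.setAccessible(true) mentioned in a comment only
String doc = "http://example.invalid"; f.setAccessible(true);
g.setAccessible(false);
/* ClassFinder.findClass("A", null)
   spans two lines */
Class<?> c = Class.forName("sun.misc.Unsafe");
return com.sun.beans.finder.ClassFinder.findClass("A", null);
'''

if __name__ == "__main__":
    for lineno, name in scan(SAMPLE):
        print(f"line {lineno}: {name}")
```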