EJB Bad Practices: Use of Class Loader

Draft Variant
Structure: Simple
Description

This vulnerability occurs when an Enterprise JavaBeans (EJB) component directly manipulates the Java class loader, violating the EJB specification's security and portability rules.

Extended Description

The EJB specification establishes clear programming boundaries to ensure beans are portable and securely managed across different container implementations. One of these critical rules explicitly forbids beans from performing low-level JVM operations, including creating or accessing class loaders, modifying security managers, or interfering with system streams. These functions are reserved exclusively for the EJB container itself to maintain a consistent and controlled runtime environment. When a bean bypasses these restrictions, it undermines the container's ability to enforce security policies and manage resources effectively. This can lead to serious security issues, such as class loading conflicts, privilege escalation, or instability, and it breaks the portability guarantee, meaning the bean may fail or behave unpredictably when deployed to a different EJB-compliant application server.

Common Consequences
Scope: Confidentiality, Integrity, Availability, Other

Impact: Execute Unauthorized Code or Commands; Varies by Context

Potential Mitigations
Phase: Architecture and Design; Implementation
Do not use the Class Loader when writing EJBs.
Demonstrative Examples
The following Java example is a simple stateless Enterprise JavaBean that retrieves the interest rate for the number of points for a mortgage. The interest rates for various points are retrieved from an XML document on the local file system, and the EJB uses the Class Loader for the EJB class to obtain the XML document from the local file system as an input stream.

Code Example (Bad, Java):

    // get XML document from the local filesystem as an input stream

This use of the Java ClassLoader class within any kind of Enterprise JavaBean violates the EJB specification's restriction against obtaining the current class loader, since doing so could compromise the security of the application that uses the EJB.
An EJB is also restricted from creating a custom class loader and creating a class and instance of a class from the class loader, as shown in the following example.

Code Example (Bad, Java):
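The following bean is an added example written for this entry; it is not the CWE entry's own demonstrative code. It puts both prohibited patterns described above (obtaining the current class loader to open the rate document, and creating a custom class loader to instantiate a class by name) beside a container-managed alternative in which the rate table is injected as an environment entry, so the bean never touches a ClassLoader or the local file system. The class name InterestRateBean, the resource name rates.xml, the env-entry name ratesXml, the XML layout, and the javax.* (Java EE 8) package namespace are all assumptions made for this illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.math.BigDecimal;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.Resource;
import javax.ejb.Stateless;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Added example, not the CWE entry's code. Names below are assumptions.
@Stateless
public class InterestRateBean {

    // Container-managed configuration: an <env-entry> named "ratesXml" of type
    // java.lang.String (assumed to be declared in ejb-jar.xml) is injected by
    // the container, so the bean needs neither a ClassLoader nor java.io.
    @Resource(name = "ratesXml")
    private String ratesXml;

    private final Map<Integer, BigDecimal> rates = new HashMap<>();

    // BAD (CWE-578): the bean obtains the current class loader. Containers
    // generally do not grant RuntimePermission("getClassLoader") to beans, so
    // this fails under a security manager and behaves differently across servers.
    public void loadRatesViaClassLoader() throws Exception {
        ClassLoader loader = getClass().getClassLoader();           // prohibited
        try (InputStream in = loader.getResourceAsStream("rates.xml")) {
            parseRates(in);
        }
    }

    // BAD (CWE-578): the bean creates its own class loader and instantiates a
    // class chosen at runtime, bypassing the container's class loading and isolation.
    public Object createViaCustomLoader(String className) throws Exception {
        ClassLoader loader = new ClassLoader(getClass().getClassLoader()) { }; // prohibited
        return loader.loadClass(className).getDeclaredConstructor().newInstance();
    }

    // OK: the rate document arrives through the container (env-entry injection).
    public void loadRatesFromEnvEntry() throws Exception {
        if (ratesXml == null) {
            throw new IllegalStateException("env-entry ratesXml not configured");
        }
        parseRates(new ByteArrayInputStream(ratesXml.getBytes(StandardCharsets.UTF_8)));
    }

    public BigDecimal getInterestRate(Integer points) {
        BigDecimal rate = rates.get(points);
        if (rate == null) {
            throw new IllegalArgumentException("no rate for " + points + " points");
        }
        return rate;
    }

    // Document shape assumed for this example:
    // <rates><rate points="0">6.500</rate><rate points="1">6.250</rate></rates>
    private void parseRates(InputStream in) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Harden the parser: refuse DTDs and enable secure processing (XXE defence).
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Document doc = dbf.newDocumentBuilder().parse(in);
        NodeList nodes = doc.getElementsByTagName("rate");
        rates.clear();
        for (int i = 0; i < nodes.getLength(); i++) {
            Element e = (Element) nodes.item(i);
            rates.put(Integer.valueOf(e.getAttribute("points")),
                      new BigDecimal(e.getTextContent().trim()));
        }
    }
}
```

In review, the two methods marked BAD are what a static check for this weakness looks for: any call to getClassLoader(), any subclass or anonymous instance of ClassLoader, and any Thread.setContextClassLoader() inside a class annotated with @Stateless, @Stateful, @Singleton or @MessageDriven. The env-entry approach keeps configuration under the deployer's control and stays portable across EJB-compliant servers; under a Jakarta EE 9+ container the imports change to jakarta.annotation.Resource and jakarta.ejb.Stateless.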
Applicable Platforms
Languages:
Java: Undetermined
Modes of Introduction
Implementation
Taxonomy Mapping
  • Software Fault Patterns