Kingdom: Input Validation and Representation

Input validation and representation problems ares caused by metacharacters, alternate encodings and numeric representations. Security problems result from trusting input. The issues include: "Buffer Overflows," "Cross-Site Scripting" attacks, "SQL Injection," and many others.

Access Specifier Manipulation

Java/JSP
Ruby

Abstract

The method call changes an access specifier.

Explanation

The AccessibleObject API allows the programmer to get around the access control checks provided by Java access specifiers. In particular it enables the programmer to allow a reflected object to bypass Java access controls and in turn change the value of private fields or invoke private methods, behaviors that are normally disallowed.

desc.dataflow.java.access_specifier_manipulation

Abstract

The method call changes or works around an access specifier.

Explanation

The send function and its variants allow programmers to work around Ruby access specifiers on functions. In particular it enables the programmer to access private and protected fields and functions, behaviors that are normally disallowed.

desc.structural.ruby.access_specifier_manipulation