Call to 'System.loadLibrary()' with non-constant string
Reports calls to java.lang.System.loadLibrary(), java.lang.System.load(), java.lang.Runtime.loadLibrary() and java.lang.Runtime.load() which take a dynamically-constructed string as the name of the library.
Constructed library name strings are a common source of security breaches. By default, this inspection ignores compile-time constants.
Example:
void test(int i) {
System.loadLibrary("foo" + i);
}
Use the inspection settings to consider any static final fields as constant. Be careful, because strings like the following will be ignored when the option is enabled:
private static final String LIBRARY = getUserInput();
Inspection options
Option | Type | Default |
|---|---|---|
Consider 'static final' fields constant | Checkbox | false |
Inspection Details | |
|---|---|
Available in: | IntelliJ IDEA 2023.3, Qodana for JVM 2023.3 |
Plugin: | Java, 233.SNAPSHOT |
Last modified: 13 July 2023