Reports calls to java.lang.System.loadLibrary(), java.lang.System.load(), java.lang.Runtime.loadLibrary() and java.lang.Runtime.load() that take a dynamically constructed string as the name of the library.

Constructed library name strings are a common source of security breaches. By default, this inspection ignores compile-time constants.

Example:

  void test(int i) {
    System.loadLibrary("foo" + i);
  }

Use the inspection settings to consider any static final fields as constant. Be careful, because strings like the following will be ignored when the option is enabled:

  private static final String LIBRARY = getUserInput();
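
The following added example (not part of the inspection's own documentation) puts the reported pattern, the static final pitfall, and an allow-list alternative side by side. The class name, the codec library names and the CODEC_LIB environment variable are hypothetical.

```java
import java.util.Locale;

public final class NativeCodecLoader {
    // Compile-time constants: ignored by the inspection by default.
    private static final String LIB_ZSTD = "codec_zstd";
    private static final String LIB_LZ4 = "codec_lz4";

    // static final, but NOT a compile-time constant: the value comes from the
    // environment at class-initialisation time. With the "static final fields
    // as constant" option enabled, a load of this field is no longer reported.
    private static final String LIB_FROM_ENV = System.getenv("CODEC_LIB");

    private NativeCodecLoader() {}

    // Reported: the caller's string becomes part of the library name.
    static void loadUnchecked(String codec) {
        System.loadLibrary("codec_" + codec);
    }

    // Reported by default, silently skipped when the option is enabled.
    static void loadFromEnv() {
        System.loadLibrary(LIB_FROM_ENV);
    }

    // Not reported: input only selects a branch, each call passes a constant.
    static void loadChecked(String codec) {
        String key = codec == null ? "" : codec.trim().toLowerCase(Locale.ROOT);
        switch (key) {
            case "zstd": System.loadLibrary(LIB_ZSTD); break;
            case "lz4":  System.loadLibrary(LIB_LZ4);  break;
            default: throw new IllegalArgumentException("unsupported codec: " + codec);
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the libraries themselves are hypothetical,
        // so an allowed name ends in UnsatisfiedLinkError on a machine without them.
        for (String codec : new String[] {"zstd", "LZ4 ", "brotli", null}) {
            try {
                loadChecked(codec);
                System.out.println(codec + ": loaded");
            } catch (IllegalArgumentException e) {
                System.out.println(codec + ": rejected (" + e.getMessage() + ")");
            } catch (UnsatisfiedLinkError e) {
                System.out.println(codec + ": allowed, library not installed");
            }
        }
    }
}
```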