...
This compliant solution ensures that the java.io.File object can be trusted, despite not being final. The solution creates a new File object using the standard constructor. This ensures that any methods invoked on the File object are the standard library methods rather than overriding methods potentially provided by the attacker.
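The copy-before-check pattern described above, shown beside the unsafe form, as an added example that is not code from the original page. The class `TrustedFileCopy`, the subclass `ShiftingFile`, the policy method `isApproved` and the file names are hypothetical, constructed for illustration.

```java
import java.io.File;

public class TrustedFileCopy {
    // Constructed stand-in for an untrusted File subclass: getPath()
    // returns a different value on the second call than on the first.
    static class ShiftingFile extends File {
        private int calls;
        ShiftingFile() { super("checked.txt"); }
        @Override public String getPath() {
            return (++calls == 1) ? "checked.txt" : "unchecked.txt";
        }
    }

    // Hypothetical policy: only this one path is approved.
    static boolean isApproved(String path) {
        return "checked.txt".equals(path);
    }

    // Unsafe form: the check and the use both call methods on the
    // caller-supplied object, so the value used can differ from the
    // value that was checked.
    static String resolveWithoutCopy(File f) {
        if (!isApproved(f.getPath())) {
            throw new SecurityException("path not approved");
        }
        return f.getPath();
    }

    // Compliant form: build a new File with the standard constructor,
    // then check and use only the copy. getPath() is read from the
    // untrusted object exactly once; every later call runs the
    // java.io.File implementation.
    static String resolveWithCopy(File f) {
        final File copy = new File(f.getPath());
        if (!isApproved(copy.getPath())) {
            throw new SecurityException("path not approved");
        }
        return copy.getPath();
    }

    public static void main(String[] args) {
        System.out.println("without copy: " + resolveWithoutCopy(new ShiftingFile()));
        System.out.println("with copy:    " + resolveWithCopy(new ShiftingFile()));
    }
}
```

The copy does not make the supplied path acceptable by itself; it only guarantees that the value passed to the check is the same value that is later used.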
...
| ISO/IEC TR 24772:2010 (http://www.aitcnet.org/isai/) | "Authentication Logic Error [XZO]" |
| CWE-302 | "Authentication Bypass by Assumed-Immutable Data" |
| CWE-470 | "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')" |
...
| [Sterbenz 2006 | AA. Bibliography#Sterbenz 06] |
...