...
A method that passes untrusted input to the Class.forName() method might permit an attacker to access classes with escalated privileges. The single-argument Class.forName() method is another API method that uses its immediate caller's class loader to load the requested class. Untrusted code can misuse this API to indirectly manufacture classes that have the same privileges as those of the attacker's immediate caller.
```java
// Noncompliant: the caller's string goes straight to Class.forName(),
// so the method loads whatever class the caller names, using this
// class's own (possibly privileged) class loader.
public Class<?> loadClass(String className) throws ClassNotFoundException {
    // className may be the name of a privileged or even a malicious class
    return Class.forName(className);
}
```
Compliant Solution
...
This compliant solution hard-codes the class's name.
...
```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

// Noncompliant: the JDBC URL decides which driver class DriverManager loads,
// and here the URL is supplied by the caller.
public Connection getConnection(String url, String username, String password)
        throws SQLException {
    // ...
    return DriverManager.getConnection(url, username, password);
}
```
Compliant Solution
The getConnection() method is unsafe because it uses the url argument to indicate a class to be loaded; that class serves as the database driver. This compliant solution prevents a malicious user from supplying their own URL to the database connection, thereby limiting their ability to load untrusted drivers.
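The following class is an added example, not the page's own compliant solutions, showing one way to apply the same principle to both APIs discussed above: the string that reaches Class.forName() comes from a hard-coded allow-list keyed by the caller's input, and the JDBC URL is fixed in code so the caller chooses only credentials, never the driver. The class names, map keys and the DB_URL value are assumptions constructed for this example.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Map;

public final class RestrictedLoader {
    // Allow-list: the caller selects a key; the class name behind each key is
    // hard-coded and reviewed here. (Keys and classes are constructed for this example.)
    private static final Map<String, String> PERMITTED_HANDLERS = Map.of(
        "list", "java.util.ArrayList",
        "map",  "java.util.HashMap");

    // JDBC URL fixed at build time (placeholder value); it is never taken from input,
    // so the driver class that DriverManager loads is not caller-controlled.
    private static final String DB_URL = "jdbc:postgresql://db.example.internal:5432/app";

    private RestrictedLoader() {}

    // Returns the class behind an allow-listed key. Any other input is rejected
    // before any caller-supplied string can reach Class.forName().
    public static Class<?> loadHandler(String key) throws ClassNotFoundException {
        String className = PERMITTED_HANDLERS.get(key);
        if (className == null) {
            throw new IllegalArgumentException("handler not permitted: " + key);
        }
        return Class.forName(className);
    }

    // Accepts credentials only; the URL parameter of the unsafe version is gone.
    public static Connection getConnection(String username, String password)
            throws SQLException {
        return DriverManager.getConnection(DB_URL, username, password);
    }

    public static void main(String[] args) throws ClassNotFoundException {
        System.out.println("loaded: " + loadHandler("list").getName());
        try {
            // A raw class name is not an allow-list key, so it never reaches Class.forName()
            loadHandler("com.example.Anything");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```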
...