...
```java
public interface CallBack {
  void callMethod();
}

class CallBackImpl implements CallBack {
  public void callMethod() {
    System.out.println("Callback invoked");
  }
}

class Client {
  CallBack callback;

  public void registerCallback(CallBack callback) {
    this.callback = callback;
  }

  public void doSomething() {
    callback.callMethod();
  }

  public static void main(String[] args) {
    Client client = new Client();
    CallBack myCallback = new CallBackImpl();
    client.registerCallback(myCallback);
    // ...
    client.doSomething(); // prints "Callback invoked"
  }
}
```
Frequently, callback methods are given full privileges, which can make them attractive targets. Callback methods are often invoked with no changes in privileges. This means that they may be executed in a context that has more privileges than the context in which they are declared. If these callback methods accept data from untrusted code, privilege escalation may occur.
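One way to keep a callback from inheriting the invoker's privileges, shown as an added example that is not code from the original page: the hypothetical `ContextBoundClient` snapshots the registrant's `AccessControlContext` and later runs the callback under that snapshot. It assumes a JDK that still ships `java.security.AccessController` (deprecated for removal since Java 17) and a policy-enforcing runtime; without one, the permission checks are no-ops.

```java
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;

interface CallBack {
  void callMethod();
}

// Hypothetical hardened variant of Client (name is an assumption, not from the page).
class ContextBoundClient {
  private CallBack callback;
  private AccessControlContext registrantContext;

  public void registerCallback(CallBack callback) {
    if (callback == null) {
      throw new IllegalArgumentException("callback must not be null");
    }
    this.callback = callback;
    // Snapshot the protection domains on the stack right now, i.e. the
    // privileges of the code that is registering the callback.
    this.registrantContext = AccessController.getContext();
  }

  public void doSomething() {
    if (callback == null) {
      throw new IllegalStateException("no callback registered");
    }
    // The two-argument doPrivileged limits the action to the intersection of
    // this class's own permissions and the captured registrant context, so
    // the callback cannot gain privileges from whoever calls doSomething().
    AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
      callback.callMethod();
      return null;
    }, registrantContext);
  }

  public static void main(String[] args) {
    ContextBoundClient client = new ContextBoundClient();
    client.registerCallback(() -> System.out.println("Callback invoked"));
    client.doSomething(); // callback runs under the registrant's context
  }
}
```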
...