...
```java
package Safe;

import java.beans.Beans;

public class Trusted {
  // Package-private constructor: it is not accessible to java.beans.Beans,
  // which is the immediate caller that Beans.instantiate() uses to
  // instantiate the class, so instantiation through this API fails.
  Trusted() { }

  public static <T> T create(Class<T> c) {
    try {
      ClassLoader cl = new SafeClassLoader(); // defined elsewhere in this rule, not shown here
      Object b = Beans.instantiate(cl, c.getName());
      return c.cast(b);
    } catch (Throwable t) {
      t.printStackTrace(); /* forward to handler */
    }
    return null;
  }
}
```

```java
// Code outside the package
package Attacker;

import Safe.Trusted;

public class Attack {
  public static void main(String[] args) {
    Object o = Trusted.create(Trusted.class);
    // throws java.lang.IllegalAccessException, o = null
  }
}
```
Risk Assessment
Misuse of APIs that perform language access checks against the immediate caller only can break data encapsulation.
...