...
| Code Block | ||
|---|---|---|
| ||
package Safe;
public class Trusted {
Trusted() { } // package private constructor
public static <T> T create(Class<T> c) throws throws InstantiationException, IllegalAccessException {
return c.newInstance();
}
}
package Attacker;
import Safe.Trusted;
public class Attack {
public static void main(String[] args) throws InstantiationException, IllegalAccessException {
System.out.println(Trusted.create(Trusted.class)); // succeeds
}
}
|
...