...

// Noncompliant: Class.newInstance() performs its access check against the
// immediate caller (Trusted), not against the code that supplied c, so a caller
// can obtain instances it could not construct directly.
public class Trusted {
  Trusted() { }

  public static <T> T create(Class<T> c) throws Exception {
    return c.newInstance();
  }
}

Compliant Solution

This compliant solution uses the java.beans.Beans API to explicitly specify the class loader that is used to resolve the class named by the parameter. Because the class is loaded by name through that loader rather than instantiated from the Class object the caller supplied, an attacker cannot create an instance of the supplied class by way of the current class loader.

import java.beans.Beans;

class SafeInstantiate {
  public static <T> T create(Class<T> c) {
    try {
      // SafeClassLoader is not shown in this excerpt; the loader of the trusted
      // code is chosen explicitly instead of trusting the caller's Class object.
      SafeClassLoader scl = new SafeClassLoader();
      ClassLoader cl = scl.getClass().getClassLoader();
      // Resolve the class by name through the chosen loader and instantiate it.
      Object b = Beans.instantiate(cl, c.getName());
      return c.cast(b); // cast the instance itself, not b.getClass()
    } catch (Exception e) {
      /* forward to handler */
    }
    return null;
  }

  public static void main(String[] args) {
    TaintedClass ac1 = new TaintedClass(); // unprivileged; TaintedClass not shown in this excerpt
    Class<?> c = ac1.getClass();
    TaintedClass ac2 = (TaintedClass) SafeInstantiate.create(c); // loads with the specified class loader
  }
}
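The compliant solution relies on the class loader passed to Beans.instantiate deciding which classes can be resolved at all. The following added example (not part of the CERT rule; the class names LoaderScopeDemo, AppOnly and tryInstantiate are hypothetical) makes that visible: a loader whose only parent is the bootstrap loader can instantiate core JDK classes by name but cannot see application classes, so the same request succeeds or fails depending on the loader the trusted code chooses.

```java
import java.beans.Beans;

/* Added example: the ClassLoader handed to Beans.instantiate determines which
   classes can be resolved and instantiated. Not code from the CERT page. */
public class LoaderScopeDemo {

  // Hypothetical application class that untrusted code might ask us to instantiate.
  public static class AppOnly {
    public AppOnly() { }
  }

  // Attempts instantiation through the given loader; returns the new instance on
  // success or the exception on failure so the outcome can be inspected.
  static Object tryInstantiate(ClassLoader cl, String className) {
    try {
      return Beans.instantiate(cl, className);
    } catch (Exception e) {
      return e;
    }
  }

  public static void main(String[] args) {
    // A loader whose only parent is the bootstrap loader: it resolves core JDK
    // classes such as java.util.ArrayList but not classes on the application
    // class path. (ClassLoader(ClassLoader) is protected, hence the anonymous subclass.)
    ClassLoader restricted = new ClassLoader(null) { };
    ClassLoader appLoader = LoaderScopeDemo.class.getClassLoader();

    Object core = tryInstantiate(restricted, "java.util.ArrayList");
    Object deniedApp = tryInstantiate(restricted, AppOnly.class.getName());
    Object allowedApp = tryInstantiate(appLoader, AppOnly.class.getName());

    // Expected: an ArrayList instance, a ClassNotFoundException, an AppOnly instance.
    System.out.println("core class via restricted loader: " + describe(core));
    System.out.println("app class via restricted loader:  " + describe(deniedApp));
    System.out.println("app class via app loader:         " + describe(allowedApp));
  }

  static String describe(Object o) {
    return (o instanceof Exception)
        ? "failed with " + o.getClass().getSimpleName()
        : "created " + o.getClass().getName();
  }
}
```

Run it with plain `javac LoaderScopeDemo.java && java LoaderScopeDemo`. The middle line is the point of the compliant solution: once resolution goes through a loader the trusted code selected, a class that loader cannot see is not instantiated, whatever Class object the caller handed over.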

Risk Assessment

Misuse of APIs that perform language access checks against the immediate caller only can break data encapsulation.

...