...
```java
import java.beans.Beans;

// Trusted code
class SafeInstantiate {
  public static <T> T create(Class<T> c) {
    try {
      // SafeClassLoader is defined elsewhere on the page; the point is that
      // its defining class loader is passed explicitly to Beans.instantiate()
      // instead of letting the API pick the immediate caller's loader.
      SafeClassLoader scl = new SafeClassLoader();
      ClassLoader cl = scl.getClass().getClassLoader();
      Object b = Beans.instantiate(cl, c.getName());
      return c.cast(b); // cast the instance itself, not b.getClass()
    } catch (Throwable t) {
      /* forward to handler */
    }
    return null;
  }
}

// Unprivileged code outside the package (enclosing class name is a placeholder
// so the snippet compiles; TaintedClass is defined elsewhere on the page)
public class Untrusted {
  public static void main(String[] args) {
    TaintedClass ac1 = new TaintedClass();
    Class<?> c = ac1.getClass();
    // Loaded with the class loader chosen by SafeInstantiate, not the caller's
    TaintedClass ac2 = (TaintedClass) SafeInstantiate.create(c);
  }
}
```
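The following is an added, self-contained example (not code from the CERT page) that shows the same trap with `Class.forName(String)`, another API that resolves names with the immediate caller's class loader. The `RestrictedLoader` class, its allow-listed prefix, and the `LoaderDemo` helper names are assumptions for the demonstration; the point is that only the variant taking an explicit loader lets the trusted code decide which loader acts on behalf of an untrusted caller.

```java
import java.lang.reflect.Constructor;

// Hypothetical restricted loader: delegates only names under an allow-listed
// prefix and reports everything else as unavailable.
class RestrictedLoader extends ClassLoader {
    private final String allowedPrefix;

    RestrictedLoader(ClassLoader parent, String allowedPrefix) {
        super(parent);
        this.allowedPrefix = allowedPrefix;
    }

    @Override
    protected Class<?> loadClass(String name, boolean resolve)
            throws ClassNotFoundException {
        if (!name.startsWith(allowedPrefix)) {
            throw new ClassNotFoundException("blocked by policy: " + name);
        }
        return super.loadClass(name, resolve);
    }
}

public class LoaderDemo {
    // Pattern to avoid: Class.forName(String) uses the immediate caller's
    // loader, which is LoaderDemo's own (trusted) loader no matter who
    // called this method. Any policy a caller-specific loader would enforce
    // is bypassed.
    static Object createWithCallerLoader(String name) throws Exception {
        Class<?> c = Class.forName(name);
        Constructor<?> ctor = c.getDeclaredConstructor();
        return ctor.newInstance();
    }

    // Preferred: the trusted code names the loader explicitly, so its own
    // loader is never used on behalf of an untrusted caller.
    static Object createWithExplicitLoader(String name, ClassLoader loader)
            throws Exception {
        Class<?> c = Class.forName(name, true, loader);
        Constructor<?> ctor = c.getDeclaredConstructor();
        return ctor.newInstance();
    }

    public static void main(String[] args) throws Exception {
        ClassLoader restricted =
            new RestrictedLoader(LoaderDemo.class.getClassLoader(), "java.util.");

        // An allow-listed class loads either way.
        System.out.println(createWithCallerLoader("java.util.ArrayList").getClass());
        System.out.println(createWithExplicitLoader("java.util.ArrayList", restricted).getClass());

        // Outside the allow-list: the caller-loader path still succeeds,
        // only the explicit-loader path honours the restriction.
        System.out.println(createWithCallerLoader("java.lang.StringBuilder").getClass());
        try {
            createWithExplicitLoader("java.lang.StringBuilder", restricted);
        } catch (ClassNotFoundException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

Run it with `javac LoaderDemo.java && java LoaderDemo`. The first three lines print the loaded class names; the fourth reports the blocked load. Replacing the explicit loader with `null` or dropping it altogether reverts to the caller-loader behaviour, which is exactly what the rule warns against when the wrapper is reachable from untrusted code.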
Risk Assessment
Misuse of APIs that perform language access checks against the immediate caller only can break data encapsulation: untrusted code can route the call through a trusted intermediary, so the check is performed against the trusted class (and its class loader) rather than against the code that actually originated the request.
...