...
```java
public class NonFinal {
  public NonFinal() {
    // invoke java.lang.Object.getClass to get class instance
    Class c = getClass();
    // confirm class type
    if (c != NonFinal.class) {
      // check the permission needed to subclass NonFinal
      securityManagerCheck();
    }
    // ...
  }
}
```
It is critical to compare the class types and not the class names (OBJ34-J. Compare classes and not class names).
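The following added example (not part of the original page) shows why the guard compares `Class` objects: a second class loader defines a class with the same fully qualified name, which a name comparison accepts and an identity comparison rejects. `ClassIdentityDemo`, `sameByName` and `sameByIdentity` are hypothetical names, the nested `NonFinal` is a stand-in for the class above, and the demo assumes it was compiled with `javac` and is run from class files or a JAR.

```java
import java.net.URL;
import java.net.URLClassLoader;
import java.security.CodeSource;

public class ClassIdentityDemo {

    /** Stand-in for the page's NonFinal class (nested so the demo is one file). */
    public static class NonFinal {
        public NonFinal() { }
    }

    /** Weak check: trusts the name, which any class loader can reuse. */
    static boolean sameByName(Class<?> c) {
        return c.getName().equals(NonFinal.class.getName());
    }

    /** Check used in the constructor guard: identity of the Class object. */
    static boolean sameByIdentity(Class<?> c) {
        return c == NonFinal.class;
    }

    public static void main(String[] args) throws Exception {
        CodeSource src = ClassIdentityDemo.class.getProtectionDomain().getCodeSource();
        if (src == null || src.getLocation() == null) {
            System.out.println("No code source found; compile with javac and run the class file.");
            return;
        }
        URL[] path = { src.getLocation() };
        // A null parent means this loader does not delegate to the application
        // class loader, so it defines its own copy of NonFinal from the same bytes.
        try (URLClassLoader isolated = new URLClassLoader(path, null)) {
            Class<?> copy = isolated.loadClass(NonFinal.class.getName());
            System.out.println("name:           " + copy.getName());
            System.out.println("sameByName:     " + sameByName(copy));
            System.out.println("sameByIdentity: " + sameByIdentity(copy));
        }
    }
}
```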
Risk Assessment
Allowing a non-final class or method to be inherited without checking the class instance allows a malicious subclass to misuse the privileges of the class.
...