...
| Code Block | ||
|---|---|---|
| ||
public RandomAccessFile openFile(final java.io.File f) {
askUserPermission(f.getPath());
// ...
return (RandomAccessFile)AccessController.doPrivileged(new PrivilegedAction <Object>() {
public Object run() {
return new RandomAccessFile(f, f.getPath());
}
});
}
|
The attacker could extend java.io.File as follows:
...
| Code Block | ||
|---|---|---|
| ||
public RandomAccessFile openFile(java.io.File f) {
final java.io.File copy = new java.io.File(f.getPath());
askUserPermission(copy.getPath());
// ...
return (RandomAccessFile)AccessController.doPrivileged(new PrivilegedAction <Object>() {
public Object run() {
return new RandomAccessFile(copy, copy.getPath());
}
});
}
|
Note that using the clone() method instead of the openFile() method would copy the attacker's class, which is not desirable. (Refer to rule OBJ06-J. Defensively copy mutable inputs and mutable internal components.)
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8eddef7f67a4b2f0-39d841fc-470b4210-b6ca8931-4233dd0ebcd99426be71e0d0"><ac:plain-text-body><![CDATA[ | [ISO/IEC TR 24772:2010 | http://www.aitcnet.org/isai/] | Authentication Logic Error [XZO] | ]]></ac:plain-text-body></ac:structured-macro> |
CWE-302. Authentication bypass by assumed-immutable data | ||||
| CWE-470. Use of externally-controlled input to select classes or code ("unsafe reflection") |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f4d6dca5f6fe675f-acf2fab9-468e4335-a047a40d-362d88c4e733be59d14d4c3d"><ac:plain-text-body><![CDATA[ | [[Sterbenz 2006 | AA. References#Sterbenz 06]] | ]]></ac:plain-text-body></ac:structured-macro> |
...