...
```java
// Access control context that grants only the permission needed to
// access classes in the sun.util.calendar package
private static class CalendarAccessControlContext {
  private static final AccessControlContext INSTANCE;
  static {
    RuntimePermission perm =
        new RuntimePermission("accessClassInPackage.sun.util.calendar");
    PermissionCollection perms = perm.newPermissionCollection();
    perms.add(perm);
    INSTANCE = new AccessControlContext(new ProtectionDomain[] {
      new ProtectionDomain(null, perms)
    });
  }
}

// ...
  try {
    // Deserialize inside doPrivileged, with privileges limited to
    // CalendarAccessControlContext.INSTANCE
    zi = AccessController.doPrivileged(
        new PrivilegedExceptionAction<ZoneInfo>() {
          public ZoneInfo run() throws Exception {
            return (ZoneInfo) input.readObject();
          }
        },
        CalendarAccessControlContext.INSTANCE);
  } catch (PrivilegedActionException pae) {
    /* ... */
  }
} catch (Exception e) {
}
if (zi != null) {
  zone = zi;
}
```
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[API 06] TODO
...