...
Code Block |
---|
public class BankOperations {
  public static boolean initialized = false;

  public BankOperations() {
    if (!performSSNVerification()) {
      throw new SecurityException("Invalid SSN!");
    } else {
      initialized = true; // set only after verification succeeds
    }
  }

  private boolean performSSNVerification() {
    return false; // verification always fails in this example
  }

  public static void greet() {
    if (initialized) {
      System.out.println("Welcome user! You may now use all the features.");
      // other authorized code
    } else {
      System.out.println("You are not permitted!");
    }
  }
}
|
Compliant Solution
Another compliant solution is to declare the partially initialized class final, so that it cannot be subclassed.
Code Block |
---|
public final class BankOperations {
...
|
Risk Assessment
Allowing a partially initialized object to be accessed can provide an attacker with an opportunity to exploit the object.
...