...
```java
class MaliciousCallBack implements CallBack {
  public void callMethod() {
    // Code here gets executed with elevated privileges
  }
}

// Client code
public static void main(String[] args) {
  CallBack callBack = new MaliciousCallBack();
  CallBackAction action = new CallBackAction(callBack);
  action.perform(); // Executes malicious code
}
```
Compliant Solution (Callback-Local doPrivileged Block)
According to Oracle's secure coding guidelines [SCG 2010]:
...
This code behaves the same as before, but an attacker can no longer run malicious callback code with elevated privileges. Even though an attacker can pass a malicious callback instance using the constructor of class `CallBackAction`, the code is not executed with elevated privileges because the malicious instance must contain a `doPrivileged` block that cannot have the same privileges as trusted code. Additionally, class `CallBackAction` cannot be subclassed to override the `perform()` method as it is declared final.
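The arrangement described above, sketched as an added example that is not the page's own code: `TrustedLookupCallBack`, `CallbackLocalDemo` and the `user.name` lookup are hypothetical, and the `CallBack` interface is assumed to declare only `callMethod()`. It assumes a Java release where `AccessController` is still available (it is deprecated for removal since Java 17).

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

interface CallBack {
  void callMethod();
}

// Hypothetical trusted callback: final, and it scopes its own privileged work.
final class TrustedLookupCallBack implements CallBack {
  private String result;

  @Override
  public void callMethod() {
    // Only this block asserts the privileges of the trusted class's domain.
    result = AccessController.doPrivileged(
        (PrivilegedAction<String>) () -> System.getProperty("user.name"));
  }

  String getResult() {
    return result;
  }
}

// Final, so perform() cannot be overridden by a subclass.
final class CallBackAction {
  private final CallBack callback;

  CallBackAction(CallBack callback) {
    this.callback = callback;
  }

  public void perform() {
    // No doPrivileged here, so CallBackAction lends none of its privileges
    // to the callback; access checks see the callback's own protection domain.
    callback.callMethod();
  }
}

public class CallbackLocalDemo {
  public static void main(String[] args) {
    TrustedLookupCallBack trusted = new TrustedLookupCallBack();
    new CallBackAction(trusted).perform();
    System.out.println("trusted lookup: " + trusted.getResult());

    // A caller-supplied implementation gains nothing from CallBackAction.
    CallBack untrusted = () -> System.out.println("runs with caller's own privileges");
    new CallBackAction(untrusted).perform();
  }
}
```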
Compliant Solution (Declare Callback Final)
This compliant solution declares the `UserLookupCallBack` class `final` to prevent overriding of `callMethod()`.
...