...
Note that using the clone() method instead of the openFile() method would copy the attacker's class, which is not desirable. (Refer to rule OBJ14-J. Defensively copy mutable inputs and mutable internal componentcomponents.)
Risk Assessment
Basing security checks on untrusted sources can result in the check being bypassed.
...