...
The permission ReflectPermission with action suppressAccessChecks should also not be granted so that the security manager blocks attempts to access private fields of other classes. (See SEC32-J. Do not grant ReflectPermission with action suppressAccessChecks.)
Noncompliant Code Example
The class Trusted uses a package-private constructor in this noncompliant code example. The intent is that code outside the package should not be able to create a new instance of an arbitrary class. However, because the API is public, it fails to achieve this condition: Class.newInstance() performs its language access check against its immediate caller, here Trusted.create(), rather than against the code that called create(). The bigger problem is that an attacker can exploit the method to create an instance of an arbitrary class as opposed to a trusted class.
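```java
public class Trusted {
    // Package-private constructor: not meant to be reachable from other packages.
    Trusted() { }

    // Public factory: newInstance() is checked against Trusted, not against the caller.
    public static <T> T create(Class<T> c) throws Exception {
        return c.newInstance();
    }
}
```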
Compliant Solution
TODO
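One way such a factory could be restricted, shown as an added example that is not the standard's own compliant solution (which is still TODO above). The names SafeFactoryDemo, Internal, Widget and unsafeCreate are hypothetical, everything sits in one package so the file compiles as a single unit, and Java module exports are not considered.

```java
import java.lang.reflect.Modifier;

// Constructed stand-in for a class that is not part of the public API.
class Internal {
    Internal() { }
}

public class SafeFactoryDemo {
    // Constructed: public class whose no-argument constructor is package-private.
    public static class Widget {
        Widget() { }
    }

    // The page's pattern: the language access check is made against this
    // class (the immediate caller of newInstance), not against our caller.
    @SuppressWarnings("deprecation")
    public static <T> T unsafeCreate(Class<T> c) throws Exception {
        return c.newInstance();
    }

    // Restricted variant: only instantiate what any caller could already
    // construct with "new", i.e. a public class with a public constructor.
    public static <T> T create(Class<T> c) throws ReflectiveOperationException {
        // A nested class is only reachable if every enclosing class is public too.
        for (Class<?> k = c; k != null; k = k.getEnclosingClass()) {
            if (!Modifier.isPublic(k.getModifiers())) {
                throw new IllegalAccessException(k.getName() + " is not public");
            }
        }
        // getConstructor() returns public constructors only and throws
        // NoSuchMethodException for package-private or private ones.
        return c.getConstructor().newInstance();
    }

    public static void main(String[] args) throws Exception {
        // Both succeed: the factory lends its own package access to the caller.
        System.out.println("unsafe: " + unsafeCreate(Internal.class).getClass().getName());
        System.out.println("unsafe: " + unsafeCreate(Widget.class).getClass().getName());
        System.out.println("safe:   " + create(StringBuilder.class).getClass().getName());
        for (Class<?> c : new Class<?>[] { Internal.class, Widget.class }) {
            try {
                create(c);
                System.out.println("safe:   created " + c.getName());
            } catch (ReflectiveOperationException e) {
                System.out.println("safe:   rejected " + c.getName() + " (" + e + ")");
            }
        }
    }
}
```

In a real layout the caller would live in a different package from Internal and Widget; the restricted factory rejects both classes regardless of where the caller is.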
Risk Assessment
Misuse of APIs that perform language access checks against the immediate caller only can break data encapsulation.
...