...
| Code Block | ||
|---|---|---|
| ||
class SuperClass { // SuperClass maintains all banking related data such as account balance
private double balance = 100;
boolean withdraw(double getBalance(amount) {
returnif ((balance; -
amount) }
boolean withdraw(double amount>= 0) {
balance -= amount;
System.out.println("Withdrawal successful. The balance is : " + balance);
return true;
}
return false;
}
void overdraft() { // This method is added at a later date
balance += 300; // Add 300 in case there is an overdraft
System.out.println("Added back-up amount. The balance is :" + balance);
}
}
class SubClass extends SuperClass { // Subclass handles authentication
@Override doubleboolean getBalance() {
// securityManagerCheck()
return super.getBalance();
}
@Override boolean withdraw(double amount) {
// inputValidation(), securityManagerCheck() and authenticateUser()
if ((super.getBalance() - amount) >= 0) {
super.withdraw(amount);
return true;
} elsewithdraw(double amount) {
// return false;
inputValidation(), securityManagerCheck() and authenticateUser()
}return super.withdraw(amount);
}
public static void doLogic(SuperClass sc, double amount) {
if (!sc.withdraw(amount)) {
throw new IllegalStateException();
}
// ...
}
}
|
A new method called overdraft is added by the maintainer of the class SuperClass and the extending class SubClass is not aware of this change. This exposes the client application to malicious invocations. One such example is of the overdraft method being used on the currently in-use object. All security checks are deemed useless in this case. The following class shows how a security check may be bypassed if the client and the subclass are unaware of the superclass's implementation changing.
...
| Code Block | ||
|---|---|---|
| ||
class SubClass extends SuperClass {
// ...
@Override protected void overdraft() { // override
throw new IllegalAccessException();
}
}
|
...