...
| Code Block | ||
|---|---|---|
| ||
public class BankOperations {
public BankOperations() {
if (!performSSNVerification()) {
throw new SecurityException("Invalid SSN!");
}
}
private boolean performSSNVerification() {
return false; //returns Returns true if data entered is valid, else false. Assume that the attacker just enters invalid SSN.
}
public void greet() {
System.out.println("Welcome user! You may now use all the features.");
}
}
public class UserApp {
public static void main(String[] args) {
BankOperations bo;
try {
bo = new BankOperations();
} catch(SecurityException ex) { bo = null; }
Storage.store(bo);
System.out.println("Proceed with normal logic");
}
}
public class Storage {
private static BankOperations bop;
public static void store(BankOperations bo) {
// onlyOnly store if it is not initialized
if (bop == null) {
if (bo == null) {
System.out.println("Invalid object!");
System.exit(1);
}
bop = bo;
}
}
}
|
...
| Code Block |
|---|
public class Interceptor extends BankOperations {
private static Interceptor stealInstance = null;
public static Interceptor get() {
try {
new Interceptor();
} catch(Exception ex) { } // ignoreIgnore the exception
try {
synchronized(Interceptor.class) {
while (stealInstance == null) {
System.gc();
Interceptor.class.wait(10);
}
}
} catch(InterruptedException ex) { return null; }
return stealInstance;
}
public void finalize() {
synchronized(Interceptor.class) {
stealInstance = this;
Interceptor.class.notify();
}
System.out.println("Stolen the instance in finalize of " + this);
}
}
public class AttackerApp { // Invoke class and gain access to the restrictive features
public static void main(String[] args) {
Interceptor i = Interceptor.get();
Storage.store(i); // Can store the stolen object
i.greet(); // Now invoke any method of BankOperations class
UserApp.main(args); // Invoke the original UserApp
}
}
|
...