29 lines
721 B
Plaintext
29 lines
721 B
Plaintext
Dynamically loaded classes could contain malicious code executed by a static class initializer. I.E. you wouldn't even have to instantiate or explicitly invoke methods on such classes to be vulnerable to an attack.
|
|
|
|
|
|
This rule raises an issue for each use of dynamic class loading.
|
|
|
|
== Noncompliant Code Example
|
|
|
|
----
|
|
String className = System.getProperty("messageClassName");
|
|
Class clazz = Class.forName(className); // Noncompliant
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|