...
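public class SensitiveClass extends Number {
    // Number implements java.io.Serializable, so this singleton is
    // serializable as well: the private constructor does not stop a second
    // instance from being produced by serializing INSTANCE and reading the
    // bytes back (default deserialization runs no constructor). A
    // readResolve() returning INSTANCE, or writeObject/readObject methods
    // that throw NotSerializableException, would close that gap; it is
    // deliberately left open here because the example exists to show it.
    private static final SensitiveClass INSTANCE = new SensitiveClass();

    /** Returns the single shared instance. */
    public static SensitiveClass getInstance() {
        return INSTANCE;
    }

    private SensitiveClass() {
        // Perform security checks and parameter validation
    }

    /** Returns the protected balance; fixed at 1000 in this example. */
    protected int getBalance() {
        int balance = 1000;
        return balance;
    }

    // Number's abstract methods, implemented so the example compiles. The
    // balance is used as the numeric value here; that is an illustrative
    // choice, not something the original example specifies.
    @Override
    public int intValue() {
        return getBalance();
    }

    @Override
    public long longValue() {
        return getBalance();
    }

    @Override
    public float floatValue() {
        return getBalance();
    }

    @Override
    public double doubleValue() {
        return getBalance();
    }
}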
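class Malicious {
    public static void main(String[] args) {
        SensitiveClass sc =
            (SensitiveClass) deepCopy(SensitiveClass.getInstance());
        // Prints false; indicates new instance
        System.out.println(sc == SensitiveClass.getInstance());
        System.out.println("Balance = " + sc.getBalance());
    }

    /**
     * Copies {@code obj} by serializing it to a byte array and deserializing
     * the bytes again. Default deserialization builds the copy without
     * invoking any constructor, which is why a Serializable singleton with a
     * private constructor can still be duplicated this way.
     *
     * <p>This method should not be used in production code. Here
     * {@code readObject()} only ever reads bytes this method itself just
     * wrote; the same call on data from any other source is a
     * deserialization risk.
     *
     * @param obj a Serializable object, or {@code null}
     * @return the deserialized copy
     * @throws IllegalArgumentException if {@code obj} cannot be written or
     *     read back (for example because it is not Serializable)
     */
    public static Object deepCopy(Object obj) {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        // try-with-resources closes (and therefore flushes) the object stream,
        // so every buffered byte reaches bos before it is read back.
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(obj);
        } catch (java.io.IOException e) {
            throw new IllegalArgumentException(e);
        }
        ByteArrayInputStream bin = new ByteArrayInputStream(bos.toByteArray());
        try (ObjectInputStream in = new ObjectInputStream(bin)) {
            return in.readObject();
        } catch (java.io.IOException | ClassNotFoundException e) {
            throw new IllegalArgumentException(e);
        }
    }
}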
...