Sensitive fields declared as public and static can be modified by untrusted code.
package org.apache.xpath.compiler;
public class FunctionTable {
public static FuncLoader m_functions;
}
|
An attacker can replace the function table as follows
FunctionTable.m_functions = <new_table>; |
Replacing the function table gives the attacker access to the XPathContext used to evaluate XPath expression. Static variables are global across a Java runtime environment. They can be used as a communication channel between different application domains (e.g. by code loaded into different class loaders) .
There are several way to tackle this problem
Reduce the scope of static fields.
package org.apache.xpath.compiler;
public class FunctionTable {
private static FuncLoader m_functions;
}
|
Make public static fields final.
package org.apache.xpath.compiler;
public class FunctionTable {
public static final FuncLoader m_functions;
}
|