Update java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>
haby0
2021-03-18 18:58:33 +08:00
committed by haby0
parent 7cf2e9ed79
commit 735ab28040


@@ -3,9 +3,10 @@
<overview>
<p>
Dynamically loaded classes could contain malicious code executed by a static class initializer.
I.E. you wouldn't even have to instantiate or explicitly invoke methods on such classes to be
vulnerable to an attack.
Allowing users to freely select a class to load can result in invocation of unexpected dangerous code.
Dynamically loaded classes could contain dangerous code executed by a constructor or
static class initializer, which means a vulnerability can rairse even without invoking methods
on such classes to be vulnerable to an attack.
</p>
</overview>
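Review bot: The new overview sentence has a typo and a leftover clause. In "a vulnerability can rairse even without invoking methods", "rairse" should be "arise". The trailing "to be vulnerable to an attack" is carried over from the old wording and now repeats what "a vulnerability can arise" already says. Suggest ending the sentence at "even without invoking methods on such classes." The sentence also groups "a constructor or static class initializer" under "without invoking methods", so it would help to say which of the two runs when the class is loaded and which needs the class to be instantiated, so readers of the help text can tell which call sites the query is about.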