Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Won't Fix
-
4.0.3
-
None
-
None
-
None
-
SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields
Description
HP Fortify SCA and SciTools Understand were used to perform an application security of the karaf source code.
The call to method setAccessible() on line 355 changes an access specifier. See the external issue link for more information on the subject.
File: client/src/main/java/org/apache/karaf/client/Main.java
Line: 355
Main.java, lines 353-362:
353 try { 354 Field field = terminal.getClass().getSuperclass().getDeclaredField("settings"); 355 field.setAccessible(true); 356 Object settings = field.get(terminal); 357 field = settings.getClass().getDeclaredField("configLastFetched"); 358 field.setAccessible(true); 359 field.setLong(settings, 0L); 360 } catch (Throwable t) { 361 // Ignore 362 }