[KARAF-4203] Access Specifier Manipulation - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Won't Fix
Affects Version/s: 4.0.3
Fix Version/s: None
Component/s: None
Labels:
None

External issue URL:
https://www.securecoding.cert.org/confluence/display/java/SEC05-J.+Do+not+use+reflection+to+increase+accessibility+of+classes,+methods,+or+fields
External issue ID:
SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields

Description

HP Fortify SCA and SciTools Understand were used to perform an application security of the karaf source code.

The call to method setAccessible() on line 355 changes an access specifier. See the external issue link for more information on the subject.

File: client/src/main/java/org/apache/karaf/client/Main.java
Line: 355

Main.java, lines 353-362:

353 try {
354     Field field = terminal.getClass().getSuperclass().getDeclaredField("settings");
355     field.setAccessible(true);
356     Object settings = field.get(terminal);
357     field = settings.getClass().getDeclaredField("configLastFetched");
358     field.setAccessible(true);
359     field.setLong(settings, 0L);
360 } catch (Throwable t) {
361     // Ignore
362 }

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Eduardo Aguinaga

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 15/Dec/15 15:34

Updated:: 20/Oct/16 19:02

Resolved:: 20/Oct/16 19:01