io.codemodder.codemods.UnsafeReflectionRemediationCodemod.description.md
Codemods for fixing common errors across many Java projects
This change fixes Sonar's [Classes should not be loaded dynamically](https://rules.sonarsource.com/java/RSPEC-2658/) issue by replacing the unsafe class load with a hardened alternative.
The hardened alternative blocks the loading of classes that are well-known to be used by attackers to exploit the application.
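The idea of verifying a class name before loading it, as an added Java example. It is not the codemod's code or the implementation of the hardened alternative; the helper name `loadChecked` and the blocked class names are assumptions made for illustration.

```java
import java.util.Set;

public final class VerifiedClassLoading {

    // Constructed denylist (assumption): JDK types that start processes or run
    // scripts. The list used by the real hardened API is not shown on this page.
    private static final Set<String> BLOCKED = Set.of(
            "java.lang.Runtime",
            "java.lang.ProcessBuilder",
            "javax.script.ScriptEngineManager");

    // Hypothetical helper, named for this example only.
    public static Class<?> loadChecked(String name) throws ClassNotFoundException {
        if (name == null || name.isBlank() || name.startsWith("[")) {
            // Array descriptors are refused outright rather than parsed.
            throw new SecurityException("refusing class name: " + name);
        }
        if (BLOCKED.contains(name)) {
            throw new SecurityException("blocked class: " + name);
        }
        // initialize=false resolves the type without running its static
        // initializers, which the one-argument Class.forName(name) would run.
        ClassLoader loader = VerifiedClassLoading.class.getClassLoader();
        return Class.forName(name, false, loader);
    }

    public static void main(String[] args) throws Exception {
        // An ordinary class loads as usual.
        System.out.println(loadChecked("java.util.ArrayList").getName());
        // A name on the denylist is rejected before any load is attempted.
        try {
            loadChecked("java.lang.Runtime");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A denylist only stops the names it contains; where the set of legitimately loadable classes is known in advance, an allowlist of those names is the stricter check.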
Our changes look something like this:
```diff
- Class clazz = Class.forName(untrustedInput);
+ Class clazz = Reflection.loadAndVerify(untrustedInput);
```
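Review bot: the `+` line calls `Reflection.loadAndVerify(untrustedInput)`, but nothing in the hunk shows an import or dependency for `Reflection`, so a reader cannot tell which class this is or what has to be on the classpath; show the import in the example or name the providing library in the description. Both lines also keep the raw `Class` type, and `Class<?> clazz` would avoid the raw-type warning. The description should also state what the call does when a blocked class is requested, since code around the original `Class.forName` may only handle `ClassNotFoundException`.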