• Home
• io.github.erroraway
• sonar-erroraway-sonar-plugin
• 2.2.0
• source code
• UnsafeReflectiveConstructionCast.md

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

errorprone.bugpattern.UnsafeReflectiveConstructionCast.md Maven / Gradle / Ivy

Prefer `asSubclass` instead of casting the result of `newInstance` to detect
classes of incorrect type before invoking their constructors. This way, if the
class is of the incorrect type, it will throw an exception before invoking its
constructor.

```java
(Foo) Class.forName(someString).getDeclaredConstructor(...).newInstance(args);
```

Should be written as

```java
Class.forName(someString).asSubclass(Foo.class).getDeclaredConstructor(...).newInstance();
```

This has caused issues in the past:

CVE-2014-7911 - http://seclists.org/fulldisclosure/2014/Nov/51