I scanned my project using the IBM AppScan tool. The tool generated a report, and it contains one 'Medium' defect type. The defect is 'PrivilegeEscalation'.
Defect detail: CWE-266: Incorrect Privilege Assignment
Defect Detail:
About Issue: PrivilegeEscalation - com.application.....ect;Object):int null
PrivilegeEscalation
Severity: Medium
API: java.lang.reflect.Method.invoke(Object;Object[]); Object
Caller: com.application.TestComparator.compare(Object:Object):int at line 19
Call
method.invoke(classObject.cast(object1),new Object()[][0])
Java Code:
package com.application;

import java.lang.reflect.Method;
import java.util.Comparator;

public class TestComparator implements Comparator {
    private Class classObject;
    private String functionName;

    public TestComparator(Class pojoClass, String methodName) {
        this.classObject = pojoClass;
        this.functionName = methodName;
    }

    public int compare(Object object1, Object object2) {
        try {
            // Getter is looked up by name at runtime from the constructor argument
            Method method = classObject.getMethod(("get" + functionName));
            // Reflective calls reported by the scanner
            String value1 = method.invoke(classObject.cast(object1)).toString();
            String value2 = method.invoke(classObject.cast(object2)).toString();
            return value2.compareTo(value1);
        } catch (Exception ex) {
            // ex.printStackTrace();
        }
        return 0;
    }
}
Please help me. Thanks in advance.
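One way to remove the reflective call the report points at, shown as an added example that is not part of the original post: the comparator takes a typed getter reference instead of a method-name string, so `Method.invoke` is never reached with a name chosen at runtime. `SafeComparator` and `Person` are hypothetical names, and the sample data is constructed.

```java
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;
import java.util.Objects;
import java.util.function.Function;

// Added example: SafeComparator and Person are hypothetical, not from the post.
public class SafeComparator<T> implements Comparator<T> {
    // The getter is bound at compile time (e.g. Person::getName), so no
    // caller-supplied string ever selects which method gets invoked.
    private final Function<? super T, ?> getter;

    public SafeComparator(Function<? super T, ?> getter) {
        this.getter = Objects.requireNonNull(getter, "getter");
    }

    @Override
    public int compare(T object1, T object2) {
        // Same ordering as the original code: compare string forms, descending.
        // String.valueOf tolerates a null getter result instead of throwing.
        String value1 = String.valueOf(getter.apply(object1));
        String value2 = String.valueOf(getter.apply(object2));
        return value2.compareTo(value1);
    }

    // Constructed sample POJO for the demonstration.
    static final class Person {
        private final String name;

        Person(String name) { this.name = name; }

        public String getName() { return name; }
    }

    public static void main(String[] args) {
        List<Person> people = new ArrayList<>();
        people.add(new Person("alice"));
        people.add(new Person("carol"));
        people.add(new Person("bob"));

        // The getter is fixed in source; a typo fails at compile time.
        people.sort(new SafeComparator<Person>(Person::getName));
        for (Person p : people) {
            System.out.println(p.getName());
        }
    }
}
```

If the property really must be chosen at runtime, a fixed map from allowed property names to getter references such as `Person::getName` keeps the choice constrained without reflection.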