Finalizers are deprecated for removal, so I think this attack will become moot soon.
If an attacker can inject code to extend Jdbi, they can already make arbitrary calls to the database through the already-available API, so I don't know that this is really a new vulnerability for us.
SpotBugs added https://spotbugs.readthedocs.io/en/stable/bugDescriptions.html#ct-constructor-throw, which is an unlikely attack vector that can be mitigated by making classes final.
With bytecode mocking on the way out anyway and mocking as one of the few use cases to extend some of the base classes, we could investigate making more classes (e.g. Handle) final.
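The pattern behind SpotBugs' CT_CONSTRUCTOR_THROW next to two mitigations (a final class, and validation that runs before `Object()` so the class can stay extensible), as an added example that is not part of the original thread or Jdbi's code. All class names are hypothetical, and the printed result depends on the JVM still running finalizers.

```java
// Added illustration; all class names are hypothetical and none are Jdbi classes.
public class ConstructorThrowDemo {

    // Pattern SpotBugs reports as CT_CONSTRUCTOR_THROW: non-final, constructor throws.
    static class OpenSession {
        OpenSession(String user) {
            // Object() has already completed here, so the instance is finalizable
            // even though construction is about to fail.
            if (user == null) throw new IllegalArgumentException("user required");
        }
        boolean query() { return true; } // stands in for a privileged operation
    }

    // A subclass can resurrect the half-built instance from finalize().
    static class Resurrecting extends OpenSession {
        static volatile OpenSession leaked;
        Resurrecting() { super(null); }
        @SuppressWarnings({"deprecation", "removal"})
        @Override protected void finalize() { leaked = this; }
    }

    // Mitigation 1: final class, so no subclass can override finalize().
    static final class SealedSession {
        SealedSession(String user) {
            if (user == null) throw new IllegalArgumentException("user required");
        }
    }

    // Mitigation 2 (class stays extensible): validate before Object() runs, so a
    // failed construction never becomes finalizable.
    static class CheckedSession {
        CheckedSession(String user) { this(user, requireUser(user)); }
        private CheckedSession(String user, boolean checked) { }
        private static boolean requireUser(String user) {
            if (user == null) throw new IllegalArgumentException("user required");
            return true;
        }
    }

    @SuppressWarnings({"deprecation", "removal"})
    public static void main(String[] args) throws InterruptedException {
        try { new Resurrecting(); } catch (IllegalArgumentException expected) { }
        for (int i = 0; i < 10 && Resurrecting.leaked == null; i++) {
            System.gc(); System.runFinalization(); Thread.sleep(50);
        }
        System.out.println("half-built instance reachable: " + (Resurrecting.leaked != null));
    }
}
```

A subclass of `SealedSession` is rejected at compile time, and a subclass of `CheckedSession` that passes `null` fails before the object becomes finalizable, so its `finalize()` is never invoked.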