Maximum Strengthening: Reflection Access Specifier Manipulation Used to Call a Private Constructor

Question

Maximum Strengthening: Reflection Access Specifier Manipulation Used to Call a Private Constructor

I used reflection to invoke the private constructor of the class to solve the lack of branch problem shown in the sonar scan report. This is a snippet of my code that I worked:

// reflection to access a private constructor of a class Constructor<CMISBridgeMaps> c = CMISBridgeMaps.class.getDeclaredConstructor(new Class[0]); c.setAccessible(true); cmisBridgeMaps = c.newInstance(new Object[0]);

In the above code, the critical sonar scan problem has been resolved. But unfortunately, fortify now shows a problem with processing the Access specifier in the following line:

 c.setAccessible(true);

How can I solve problems with strengthening and sonar? Any help would be greatly appreciated.

+5

java junit sonarqube fortify

Vijaya pandey Jan 26 '17 at 17:00

source share

1 answer

Vidyasagar gayakwad · Answer 1 · 2017-12-13T05:24:38+0000

If you use Spring, you can use ReflectionUtils.makeAccessible(field) to make this field available. Fortify does not complain about this setting.

You can learn more about this in this article .

Maximum Strengthening: Reflection Access Specifier Manipulation Used to Call a Private Constructor

More articles: