Avoid calling overridable function from constructor

When a constructor calls an overridable function, it may allow an attacker to access the "this" reference prior to the object being fully initialized, which can in turn lead to a vulnerability.

Application -> getLocalPath
ProxyPanel -> get
AbortPanel -> get
RotatingBackgrounds -> makeEmpty

(Triggered by internal security audit and Fortify analysis.)
This commit is contained in:
Daniel Gredler
2018-09-13 16:20:53 -04:00
parent 712b06f8fb
commit fdd767086a
5 changed files with 6 additions and 6 deletions
@@ -36,7 +36,7 @@ import static java.nio.charset.StandardCharsets.UTF_8;
* Parses and provide access to the information contained in the <code>getdown.txt</code>
* configuration file.
*/
public class Application
public final class Application
{
/** The name of our configuration file. */
public static final String CONFIG_FILE = "getdown.txt";