fudbugs 求助怎么修改
这个bug怎么修改啊?
package com.thunisoft.oa.common.utils;
import java.util.Properties;
import com.thunisoft.artery.module.config.PropertyPlaceholderConfigurerEx;
import com.thunisoft.summer.component.crypto.defaultDecrypt.DESedeDecryptor;
public class PropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurerEx {
private static DESedeDecryptor decryptor = new DESedeDecryptor();
protected String resolvePlaceholder(String placeholder, Properties props) {
String value = super.resolvePlaceholder(placeholder, props);
if (null != value) {
if (value.startsWith("ENCRYPT#")) {
value = decryptor.decrypt(value.substring("ENCRYPT#".length()));
}
}
return value;
}
}
Bug: com.thunisoft.oa.common.utils.PropertyPlaceholderConfigurer.<static initializer>() creates a com.thunisoft.summer.component.crypto.defaultDecrypt.DESedeDecryptor classloader, which should be performed within a doPrivileged block
Pattern id: DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED, type: DP, category: BAD_PRACTICE
This code creates a classloader, which requires a security manager. If this code will be granted security permissions, but might be invoked by code that does not have security permissions, then the classloader creation needs to occur inside a doPrivileged block.