cmiyachi opened a new issue, #14421:
URL: https://github.com/apache/grails-core/issues/14421

### Task List

Veracode scan finds a medium security flaw in this file for the function ServiceDefinition on line / around 261.

There is little verification of the strings passed.

This is a static scan which just looks at the code itself.

### Environment Information

- **Operating System**: TODO
- **GORM Version:** TODO
- **Grails Version (if using Grails):** TODO
- **JDK Version:** TODO

### Example Application

Information from the Veracode scan:

A call uses reflection in an unsafe manner. An attacker can specify the class name to be instantiated, which may create unexpected control flow paths through the application. Depending on how reflection is being used, the attack vector may allow the attacker to bypass security checks or otherwise cause the application to behave in an unexpected manner. Even if the object does not implement the specified interface and a ClassCastException is thrown, the constructor of the untrusted class name will have already executed.

Veracode recommends: Validate the class name against a combination of white and black lists to ensure that only expected behavior is produced.


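The finding quoted in the issue describes a general pattern: a class name taken from input is handed to reflection, the constructor of whatever class it names runs, and only afterwards does a cast fail. The following is an added illustration and is not code from grails-core or from the `ServiceDefinition` code the scan points at (which the issue does not show). It shows the flagged pattern beside a hardened version that applies the allow-list validation Veracode recommends, resolves the class without initializing it, and checks assignability before anything is constructed. The `GreetingService` interface, the two implementations and the allow-list contents are constructed for this example.

```java
import java.util.Set;

/**
 * Added illustration (not code from grails-core): unsafe reflective
 * instantiation beside an allow-listed, type-checked version.
 */
public class ReflectionAllowlistDemo {

    /** Hypothetical service contract that callers ask for by class name. */
    public interface GreetingService {
        String greet(String who);
    }

    /** The one implementation this component intends to instantiate. */
    public static final class PlainGreeter implements GreetingService {
        public String greet(String who) { return "Hello, " + who; }
    }

    /**
     * Stands in for an arbitrary class that is NOT meant to be reachable
     * from input; its constructor has a side effect we can observe.
     */
    public static final class SideEffectClass {
        static int constructed = 0;
        public SideEffectClass() { constructed++; }
    }

    /**
     * The flagged pattern: the name is used as given. The constructor of the
     * named class runs before the cast can fail, exactly as the scan warns.
     */
    public static GreetingService unsafeLoad(String className) throws Exception {
        Object o = Class.forName(className).getDeclaredConstructor().newInstance();
        return (GreetingService) o;   // ClassCastException arrives AFTER construction
    }

    /** Allow-list of class names this component is prepared to instantiate. */
    private static final Set<String> ALLOWED = Set.of(PlainGreeter.class.getName());

    /**
     * Hardened version: reject names outside the allow-list, load the class
     * with initialize=false so no static initializer runs, verify it implements
     * the expected interface, and only then invoke its constructor.
     */
    public static GreetingService safeLoad(String className) throws Exception {
        if (className == null || !ALLOWED.contains(className)) {
            throw new IllegalArgumentException("class not permitted: " + className);
        }
        Class<?> cls = Class.forName(className, false,
                ReflectionAllowlistDemo.class.getClassLoader());
        if (!GreetingService.class.isAssignableFrom(cls)) {
            throw new IllegalArgumentException("not a GreetingService: " + className);
        }
        return cls.asSubclass(GreetingService.class)
                  .getDeclaredConstructor().newInstance();
    }

    public static void main(String[] args) throws Exception {
        String untrusted = SideEffectClass.class.getName();

        try {
            unsafeLoad(untrusted);
        } catch (ClassCastException e) {
            // The cast failed, but the constructor of the untrusted class already ran.
            System.out.println("unsafe: constructor ran "
                    + SideEffectClass.constructed + " time(s) before the cast failed");
        }

        try {
            safeLoad(untrusted);
        } catch (IllegalArgumentException e) {
            System.out.println("safe: rejected before any code of the class ran ("
                    + e.getMessage() + ")");
        }

        System.out.println(safeLoad(PlainGreeter.class.getName()).greet("world"));
    }
}
```

The order of the checks in `safeLoad` is the point: the allow-list lookup is a plain string comparison that touches no class at all, `Class.forName(name, false, loader)` resolves the class without running its static initializer, and `isAssignableFrom` rejects a wrong type before `newInstance` is ever reached. Where the set of permitted implementations is small and fixed, a map from name to a constructor reference removes the reflective lookup entirely and is simpler to audit than an allow-list.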