Created
September 8, 2011 15:03
Getting in the backdoor example...
/// <summary>
/// Holds a list of integers that outside callers are meant to read but not modify.
/// </summary>
/// <remarks>
/// Security note: the getter returns the backing <c>List&lt;int&gt;</c> object itself, merely typed as
/// <c>IEnumerable&lt;int&gt;</c>. The interface type restricts what the compiler lets a caller write,
/// not what the runtime object can do, so a caller can cast the reference back to a mutable
/// list type and change the contents. It is an encapsulation leak, not an access control.
/// To enforce read-only access, return something other than the backing list, for example
/// <c>doNotAddToMe.AsReadOnly()</c> (mutators on the wrapper throw NotSupportedException)
/// or a defensive copy.
/// </remarks>
public class SensitiveStuff
{
    // Backing store; never reassigned after construction.
    private readonly List<int> doNotAddToMe = new List<int>();

    /// <summary>
    /// Read-only by declared type only: this is the same object as the private field.
    /// </summary>
    public IEnumerable<int> DoNotAddToMe => doNotAddToMe;
}
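/// <summary>
/// Caller-side half of the example: shows that a property typed as
/// <c>IEnumerable&lt;int&gt;</c> does not by itself stop a caller from modifying the
/// collection behind it.
/// </summary>
public class Spy
{
    private readonly SensitiveStuff stuff = new SensitiveStuff();

    /// <summary>
    /// The direct attempt. The compiler rejects it, which is the protection the author
    /// of SensitiveStuff was relying on.
    /// </summary>
    public void ThisWillFail()
    {
        // Left commented out so the listing compiles. Uncommented, the line below is a
        // compilation error (CS1061): DoNotAddToMe is exposed as IEnumerable<int>, which
        // has no Add() method.
        // stuff.DoNotAddToMe.Add(3);
    }

    /// <summary>
    /// The downcast. It works only because SensitiveStuff returns its backing list object
    /// rather than a read-only wrapper or a copy.
    /// </summary>
    public void SneakySneaky()
    {
        // IList<int>, not IList<T>: Spy is not generic, so T would not resolve and the
        // original line did not compile.
        var youThoughtYouWereSoSmart = stuff.DoNotAddToMe as IList<int>;
        if (youThoughtYouWereSoSmart == null)
        {
            // The property returned something that is not an IList<int> (for example an
            // iterator), so there is nothing to cast to.
            return;
        }

        // This succeeds because the runtime object is still the private List<int>; the
        // declared IEnumerable<int> type was never a barrier. If SensitiveStuff returned
        // a read-only wrapper instead, this call would throw NotSupportedException.
        youThoughtYouWereSoSmart.Add(3);
    }
}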