SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 128

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 129

changes.mady.by.user Alexandre GIGLEUX

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Failing to create a copy of a mutable input may result in a TOCTOU vulnerability or expose internal mutable components to untrusted code.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

OBJ06-J

Medium

Probable

High

P4

L3

Automated Detection

ToolVersionCheckerDescription
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
PMD.Security-Code-Guidelines.ArrayIsStoredDirectly
FB.MALICIOUS_CODE.EI_EXPOSE_STATIC_REP2
Array is stored directly
May expose internal static state by storing a mutable object into a static field
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
SECURITY.EAB.CPCL, SECURITY.EAB.MPT, SECURITY.EAB.SMO, OOP.MUCOPImplemented
SonarQube
Include Page
SonarQube_V
SonarQube_V
S2384

Mutable members should not be stored or returned directly

Implemented for

arrays

Arrays,

collections

Collections and

Dates

Dates.

Related Vulnerabilities

CVE-2012-0507 describes an exploit that managed to bypass Java's applet security sandbox and run malicious code on a remote user's machine. The exploit created a data structure that is normally impossible to create in Java but was built using deserialization, and the deserialization process did not perform defensive copies of the deserialized data. See the code examples in SER07-J. Do not use the default serialized form for classes with implementation-defined invariants for more information.

Related Guidelines

Secure Coding Guidelines for Java SE, Version 5.0

Guideline 6-2 / MUTABLE-2: Create copies of mutable output values

Bibliography

[Bloch 2008]

Item 39, "Make Defensive Copies When Needed"

[Pugh 2009]

"Returning References to Internal Mutable State"

...


...