...
Reads an "unshared" object from the ObjectInputStream. This method is identical to readObject, except that it prevents subsequent calls to readObject and readUnshared from returning additional references to the deserialized instance obtained via this call.
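The following added example (not part of the original guideline) shows the behaviour described above: an instance written twice with writeObject() is stored once followed by a back-reference, and once it has been read with readUnshared(), a later readObject() that would resolve that back-reference is rejected rather than aliasing the unshared instance. The Token class and its contents are constructed for this illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class UnsharedDemo {
    // Constructed sample type; any Serializable class would behave the same.
    static final class Token implements Serializable {
        private static final long serialVersionUID = 1L;
        final String value;
        Token(String value) { this.value = value; }
    }

    // Writes the same instance twice with writeObject(). The second write emits
    // only a back-reference (handle) to the first, not a second copy.
    static byte[] writeShared(Token t) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(t);
            oos.writeObject(t);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] data = writeShared(new Token("constructed-sample"));

        // Two readObject() calls resolve the back-reference, so both return
        // the very same deserialized instance.
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            Object a = ois.readObject();
            Object b = ois.readObject();
            System.out.println("readObject twice, same instance: " + (a == b));
        }

        // readUnshared() first: the stream still carries the back-reference, but
        // ObjectInputStream refuses to hand out a second reference to an unshared
        // object and throws InvalidObjectException instead.
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            Object first = ois.readUnshared();
            try {
                ois.readObject();
                System.out.println("unexpected: back-reference to unshared object was honored");
            } catch (InvalidObjectException e) {
                System.out.println("readObject after readUnshared rejected: " + e.getMessage());
            }
        }
    }
}
```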
Noncompliant Code Example
This noncompliant code example does something bad using writeUnshared().
```java
// need some code here
```
Compliant Solution
This compliant solution overcomes the problem of the NCCE.
```java
// need some code here
```
Risk Assessment
Using the writeUnshared() and readUnshared() methods may be bad.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC62-J | medium | low | low | P6 | L2 |
Automated Detection
Automated detection is straightforward.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
Bibliography
[API 2006] Class ObjectOutputStream, http://download.oracle.com/javase/6/docs/api/java/io/ObjectOutputStream.html, and Class ObjectInputStream, http://download.oracle.com/javase/6/docs/api/java/io/ObjectInputStream.html