...
This noncompliant code example extends the java.math.BigInteger class. This class is non-final and consequently extendable. This can be a problem when operating on an instance of BigInteger that was obtained from an untrusted client. For example, a malicious client could construct a spurious mutable BigInteger instance by overriding BigInteger's member functions [Bloch 2008].
...
```java
BigInteger msg = new BigInteger("123");
msg = msg.modPow(exp, m);  // Always returns 1

// Malicious subclassing of java.math.BigInteger
class BigInteger extends java.math.BigInteger {
  private int value;

  public BigInteger(String str) {
    super(str);
    value = Integer.parseInt(str);
  }

  public void setValue(int value) {
    this.value = value;
  }

  @Override public java.math.BigInteger modPow(
      java.math.BigInteger exponent, java.math.BigInteger m) {
    this.value = ((int) (Math.pow(this.doubleValue(),
                 exponent.doubleValue()))) % m.intValue();
    return this;
  }
}
```
Unlike the benign BigInteger class, this malicious BigInteger class is clearly mutable because of the setValue() method. Furthermore, the malicious modPow() method (which overrides a benign modPow() method) is subject to precision loss. (See rules NUM00-J. Detect or prevent integer overflow, NUM08-J. Check floating-point inputs for exceptional values, NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data, and NUM13-J. Avoid loss of precision when converting primitive integers to floating-point for more information.) Any code that receives an object of this class and assumes that the object is immutable will behave unexpectedly. This is particularly important because the BigInteger.modPow() method has several useful cryptographic applications.
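One way for receiving code to defend against such a subclass, shown as an added example that is not code from this page: check the runtime class and copy any non-genuine instance through its byte encoding before validating or using it. The names TrustedBigInteger, Overriding, safeInstance and checkedModPow are hypothetical, and Overriding is a constructed stand-in for an untrusted subclass.

```java
import java.math.BigInteger;

public class TrustedBigInteger {

    // Constructed stand-in for an untrusted subclass like the one above:
    // it overrides modPow() so the result ignores the real arithmetic.
    static class Overriding extends BigInteger {
        Overriding(String s) { super(s); }
        @Override public BigInteger modPow(BigInteger e, BigInteger m) {
            return BigInteger.ONE;
        }
    }

    // Return a genuine java.math.BigInteger. A subclass instance is copied
    // once through toByteArray(); the copy is immutable, so no overridden
    // method of the original can run after this point.
    static BigInteger safeInstance(BigInteger val) {
        if (val == null) throw new NullPointerException("val");
        if (val.getClass() == BigInteger.class) return val;
        return new BigInteger(val.toByteArray());
    }

    // Copy first, validate second. toByteArray(), signum() and compareTo()
    // are all overridable, so range checks are only meaningful on the copy.
    static BigInteger checkedModPow(BigInteger base, BigInteger exp, BigInteger mod) {
        BigInteger b = safeInstance(base);
        BigInteger e = safeInstance(exp);
        BigInteger m = safeInstance(mod);
        if (m.signum() <= 0 || e.signum() < 0) {
            throw new IllegalArgumentException(
                "modulus must be positive, exponent non-negative");
        }
        return b.modPow(e, m);
    }

    public static void main(String[] args) {
        BigInteger exp = BigInteger.valueOf(3);
        BigInteger mod = BigInteger.valueOf(1000);
        BigInteger untrusted = new Overriding("123");

        System.out.println("direct call:   " + untrusted.modPow(exp, mod));
        System.out.println("after copying: " + checkedModPow(untrusted, exp, mod));
        System.out.println("copy class:    " + safeInstance(untrusted).getClass().getName());
    }
}
```

The copy protects against later mutation and overridden behavior, not against a wrong value: whatever bytes the untrusted object reports become the value, so every range or validity check has to be applied to the copy.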
...
| [API 2006] | Class BigInteger |
| [Bloch 2008] | Item 1. Consider static factory methods instead of constructors |
| [Gong 2003] | Chapter 6, Enforcing Security Policy |
| [Lai 2008] | Java Insecurity, Accounting for Subtleties That Can Compromise Code |
| [McGraw 1999] | Chapter Seven, Rule 3. Make everything final, unless there's a good reason not to |
| [Ware 2008] | |
...