SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 62

changes.mady.by.user Robert Seacord (Manager)

Saved on

compared with

New Version 63

changes.mady.by.user Robert Seacord (Manager)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: done

...

Avoid using home-brewed cryptographic algorithms; such algorithms almost certainly introduce unnecessary vulnerabilities. Applications that apply home-brewed "cryptography" in the readObject() and writeObject() methods are prime examples of anti-patterns.

Wiki Markup
Furthermore, Abadi and Needham have suggested \[[Abadi 1996|AA. Bibliography#Abadi 96]\] a useful principle of secure software design

When a principal signs material that has already been encrypted, it should not be inferred that the principal knows the content of the message. On the other hand, it is proper to infer that the principal that signs a message and then encrypts it for privacy knows the content of the message.

Wiki Markup
The rationale is that any malicious party can intercept the originally signed encrypted message from the originator, strip the signature and add its own signature to the encrypted message. Both the malicious party, and the receiver have no information about the contents of the original message as it is encrypted and then signed (it can only be decrypted after verifying the signature). The receiver has no way of confirming the sender's identity unless the legitimate sender's public key is obtained over a secure channel. One of the three CCITT X.509 standard protocols was susceptible to such an attack \[[CCITT 1988|AA. Bibliography#CCITT 88]\].

This rule involves the intentional serialization of sensitive information. See SER03-J. Do not serialize unencrypted, sensitive data about preventing the unintentional serialization of sensitive information.

Noncompliant Code Example

Code examples are all based upon the following code example.

This rule applies to the intentional serialization of sensitive information. Rule SER03-J. Do not serialize unencrypted, sensitive data is meant to prevent the unintentional serialization of sensitive information.

Noncompliant Code Example

Code examples are all based upon the following code example.

Code Block

class SerializableMap<K,V> implements Serializable {
  final static long serialVersionUID = -2648720192864531932L;
  private Map<K,V> map;
  
  public SerializableMap() {
    map = new HashMap<K,V>();
  }

  public Object getData(K key)  {
    return map.get(key);
  }

  public void setData(K key, V data)  {
    map.put(key, data);
  }
}

public class MapSerializer {
  public static SerializableMap<String, Integer> buildMap() {
    SerializableMap<String, Integer> map = new SerializableMap<String, Integer>();
    map.setData("John Doe", new Integer(123456789));
    map.setData("Richard Roe", new Integer(246813579));
    return map;
  }

  public static void InspectMap(SerializableMap<String, Integer> map) {
    System.out.println("John Doe's number is " + map.getData("John Doe"));
    System.out.println("Richard Roe's number is " + map.getData("Richard Roe"));
  }

  public static void main(String[] args
Code Block

class SerializableMap<K,V> implements Serializable {
  final static long serialVersionUID = -2648720192864531932L;
  private Map<K,V> map;
  
  public SerializableMap() {
    map = new HashMap<K,V>();// ...
  }

  public Object getData(K key)  {
    return map.get(key);
  }

  public void setData(K key, V data)  {
    map.put(key, data);
  }
}


public class MapSerializer {
  public static SerializableMap<String, Integer> buildMap() {
    SerializableMap<String, Integer> map = new SerializableMap<String, Integer>();
    map.setData("John Doe", new Integer(123456789));
    map.setData("Richard Roe", new Integer(246813579));
    return map;
  }

  public static void InspectMap(SerializableMap<String, Integer> map) {
    System.out.println("John Doe's number is " + map.getData("John Doe"));
    System.out.println("Richard Roe's number is " + map.getData("Richard Roe"));
  }

  public static void main(String[] args) {
    // ...
  }
}

This code sample posits a serializable map, as well as a method to populate the map with interesting values, and a method to check the map for those values.

This noncompliant code example simply serializes the map and then deserializes it. Consequently, the map is capable of being serialized and transferred across different business tiers. Unfortunately, there are no safeguards against byte stream manipulation attacks while the binary data is in transit. Likewise, anyone can reverse engineer the serialized stream data from its hexadecimal notation to reveal the data in the HashMap.

}

This code sample defines a serializable map, a method to populate the map with values, and a method to check the map for those values.

This noncompliant code example simply serializes the map and then deserializes it. Consequently, the map is capable of being serialized and transferred across different business tiers. Unfortunately, there are no safeguards against byte stream manipulation attacks while the binary data is in transit. Likewise, anyone can reverse engineer the serialized stream data from its hexadecimal notation to reveal the data in the HashMap.

Code Block
bgColor#FFcccc

public static void main(String[] args)
  throws IOException, ClassNotFoundException {
  // Build map
  SerializableMap<String, Integer> map = buildMap();

  // Serialize map
  ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream("data"));
  out.writeObject(map);
  out.close();

  // Deserialize map
  ObjectInputStream in = new ObjectInputStream(new FileInputStream("data"));
  map = (SerializableMap<String, Integer>) in.readObject();
  in.close();

  // Inspect map
  InspectMap(map);
}

If the data in the map is considered sensitive, this example will also violate SER03-J. Do not serialize unencrypted, sensitive data.

Noncompliant Code Example (Seal)

This noncompliant code example uses the javax.crypto.SealedObject class to provide message confidentiality. This class encapsulates a serialized object and encrypts (or seals) it. A strong cryptographic algorithm that uses a secure cryptographic key and padding scheme must be employed to initialize the Cipher object parameter. The seal and unseal utility methods provide the encryption and decryption facilities respectively.

This noncompliant code example encrypts the map into a SealedObject, rendering the data inaccessible to prying eyes. However, because the data is not signed, it provides no proof of authentication.

Code Block
bgColor#FFcccc
public static void main(String[] args)
  throws IOException, GeneralSecurityException, ClassNotFoundException {
  // Build map
  SerializableMap<String, Integer> map = buildMap();

  // Serialize Generate sealing key & seal map
  ObjectOutputStreamKeyGenerator outgenerator;
 = newgenerator ObjectOutputStream(new FileOutputStream= KeyGenerator.getInstance("dataAES"));
  out.writeObject(mapgenerator.init(new SecureRandom());
  Key key out= generator.closegenerateKey();

  // Deserialize map
  ObjectInputStream inCipher cipher = new ObjectInputStream(new FileInputStreamCipher.getInstance("dataAES"));
  map = (SerializableMap<String, Integer>) in.readObject(cipher.init(Cipher.ENCRYPT_MODE, key);
  in.close(SealedObject sealedMap = new SealedObject(map, cipher);

  // InspectSerialize map
  ObjectOutputStream out = new ObjectOutputStream(new InspectMap(map);
}

If the data in the map is considered sensitive, this example will also violate SER03-J. Do not serialize unencrypted, sensitive data.

Noncompliant Code Example (Seal)

This noncompliant code example uses the javax.crypto.SealedObject class to provide message confidentiality. This class encapsulates a serialized object and encrypts (or seals) it. A strong cryptographic algorithm that uses a secure cryptographic key and padding scheme must be employed to initialize the Cipher object parameter. The seal and unseal utility methods provide the encryption and decryption facilities respectively.

This noncompliant code example encrypts the map into a SealedObject, rendering the data inaccessible to prying eyes. However, because the data is not signed, it provides no proof of authentication.

Code Block
bgColor#FFcccc

public static void main(String[] args)
  throws IOException, GeneralSecurityException, ClassNotFoundException {
  // Build map
  SerializableMap<String, Integer> map = buildMap(FileOutputStream("data"));
  out.writeObject(sealedMap);
  out.close();

  // Deserialize map
  ObjectInputStream in = new ObjectInputStream(new FileInputStream("data"));
  sealedMap = (SealedObject) in.readObject();
  in.close();

  // Unseal map
  cipher = Cipher.getInstance("AES");
  cipher.init(Cipher.DECRYPT_MODE, key);
  map = (SerializableMap<String, Integer>) sealedMap.getObject(cipher);

  // Generate sealing key & seal Inspect map
  KeyGenerator generator;
  generator = KeyGenerator.getInstance("AES"InspectMap(map);
}

Noncompliant Code Example (Seal then Sign)

Use the java.security.SignedObject class to sign an object, when the integrity of the object is to be ensured. The two new arguments passed in to the SignedObject() method to sign the object are Signature and a private key derived from a KeyPair object. To verify the signature, a PublicKey as well as a Signature argument is passed to the SignedObject.verify() method.

This noncompliant code example signs the object as well as seals it. Unfortunately, the signing occurs after the sealing. As discussed earlier, anyone can sign a sealed object, and so it cannot be assumed that the signer is the true originator of the object.

Code Block
bgColor#FFcccc

public static void main(String[] args)
  throws IOException, GeneralSecurityException, ClassNotFoundException {
  // Build map
  SerializableMap<String, Integer> map = buildMap();

  // Generate sealing key & seal map
  KeyGenerator generator;
  generator = KeyGenerator.getInstance("AES");
  generator.init(new SecureRandom());
  Key key = generator.generateKey();
  Cipher );
  generator.init(new SecureRandom());
  Key key = generator.generateKey();
  Cipher cipher = Cipher.getInstance("AES");
  cipher.init(Cipher.ENCRYPT_MODE, key);
  SealedObject sealedMap = new SealedObject(map, cipher);

  // Serialize map
  ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream("data"));
  out.writeObject(sealedMap);
  out.close();

  // Deserialize map
  ObjectInputStream in = new ObjectInputStream(new FileInputStream("data"));
  sealedMap = (SealedObject) in.readObject();
  in.close();

  // Unseal map
  cipher = Cipher.getInstance("AES");
  cipher.init(Cipher.DECRYPTENCRYPT_MODE, key);
  SealedObject mapsealedMap = new SealedObject(SerializableMap<Stringmap, Integer>) sealedMap.getObject(cipher);

  // Generate signing public/ Inspectprivate key pair & sign map
  KeyPairGenerator kpg = InspectMap(mapKeyPairGenerator.getInstance("DSA");
}

Noncompliant Code Example (Seal, Sign)

Use the java.security.SignedObject class to sign an object, when the integrity of the object is to be ensured. The two new arguments passed in to the SignedObject() method to sign the object are Signature and a private key derived from a KeyPair object. To verify the signature, a PublicKey as well as a Signature argument is passed to the SignedObject.verify() method.

This noncompliant code example signs the object as well as seals it. Unfortunately, the signing occurs after the sealing. As discussed earlier, anyone can sign a sealed object, and so it cannot be assumed that the signer is the true originator of the object.

Code Block
bgColor#FFcccc

public static void main(String[] args)
  throws IOException, GeneralSecurityException, ClassNotFoundException {
  // Build map
  SerializableMap<String, Integer> map = buildMap  KeyPair kp = kpg.generateKeyPair();
  Signature sig = Signature.getInstance("SHA1withDSA");
  SignedObject signedMap = new SignedObject(sealedMap, kp.getPrivate(), sig);

  // Serialize map
  ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream("data"));
  out.writeObject(signedMap);
  out.close();

  // Generate sealing key & seal Deserialize map
  KeyGeneratorObjectInputStream generator;
in = generatornew = KeyGenerator.getInstanceObjectInputStream(new FileInputStream("AESdata"));
  signedMap = generator.init(new SecureRandom()SignedObject) in.readObject();
  Key key = generator.generateKeyin.close();

  Cipher// cipherUnsign = Cipher.getInstance("AES");
  cipher.init(Cipher.ENCRYPT_MODE, key);
  SealedObject sealedMap = new SealedObject(map, cipher);

  // Generate signing public/private key pair & sign map
  KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSAmap
  if (!signedMap.verify(kp.getPublic(), sig)) {
    throw new GeneralSecurityException("Map failed verification");
  }
  sealedMap = (SealedObject) signedMap.getObject();

  // Unseal map
  cipher = Cipher.getInstance("AES");
  KeyPair kp = kpg.generateKeyPair(cipher.init(Cipher.DECRYPT_MODE, key);
  Signature sigmap = Signature.getInstance("SHA1withDSA");
  SignedObject signedMap = new SignedObject(sealedMap, kp.getPrivate(), sig)(SerializableMap<String, Integer>) sealedMap.getObject(cipher);

  // SerializeInspect map
  ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream("data"));
  out.writeObject(signedMap);InspectMap(map);
}

Compliant Solution (Sign then Seal)

This compliant solution correctly signs the object before sealing it. This provides a guarantee of authenticity to the object, in addition to protection from man-in-the-middle attacks.

Code Block
bgColor#ccccff

public static void main(String[] args)
  throws IOException, GeneralSecurityException, ClassNotFoundException {
  out.close();

  // Deserialize map
  ObjectInputStream in = new ObjectInputStream(new FileInputStream("data"));
  signedMap = (SignedObject) in.readObject();
  in.close();

  // UnsignBuild map
  if (!signedMap.verify(kp.getPublic()SerializableMap<String, sig)) {
    throw new GeneralSecurityException("Map failed verification"Integer> map = buildMap();

  }
// Generate sealedMapsigning = (SealedObject) signedMap.getObject();

  // Unseal map
  cipher = Cipherpublic/private key pair & sign map
  KeyPairGenerator kpg = KeyPairGenerator.getInstance("AESDSA");
  KeyPair kp = cipherkpg.init(Cipher.DECRYPT_MODE, keygenerateKeyPair();
  Signature mapsig = (SerializableMap<String, Integer>) sealedMap.getObject(cipherSignature.getInstance("SHA1withDSA");
  SignedObject signedMap = new SignedObject(map, kp.getPrivate(), sig);

  // Inspect Generate sealing key & seal map
  KeyGenerator InspectMap(map);
}

Compliant Solution (Sign, Seal)

This compliant solution correctly signs the object before sealing it. This provides a guarantee of authenticity to the object, in addition to protection from man-in-the-middle attacks.

Code Block
bgColor#ccccff

public static void main(String[] args)
  throws IOException, GeneralSecurityException, ClassNotFoundException {
  // Build map
  SerializableMap<String, Integer> map = buildMap();

  // Generate signing public/private key pair & sign map
  KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
  KeyPair kp = kpg.generateKeyPair();
  Signature sig = Signature.getInstance("SHA1withDSA");
  SignedObject signedMap = new SignedObject(map, kp.getPrivate(), siggenerator;
  generator = KeyGenerator.getInstance("AES");
  generator.init(new SecureRandom());
  Key key = generator.generateKey();
  Cipher cipher = Cipher.getInstance("AES");
  cipher.init(Cipher.ENCRYPT_MODE, key);
  SealedObject sealedMap = new SealedObject(signedMap, cipher);

  // Serialize map
  ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream("data"));
  out.writeObject(sealedMap);
  out.close();

  // Deserialize map
  ObjectInputStream in = new ObjectInputStream(new FileInputStream("data"));
  sealedMap = (SealedObject) in.readObject();
  in.close();

  // GenerateUnseal sealingmap
 key &cipher seal map= Cipher.getInstance("AES");
  KeyGenerator generatorcipher.init(Cipher.DECRYPT_MODE, key);
  generatorsignedMap = (SignedObject) KeyGeneratorsealedMap.getInstancegetObject("AES"cipher);
  generator.init(new SecureRandom());
  Key key = generator.generateKey();
  Cipher cipher = Cipher.getInstance("AES");
  cipher.init(Cipher.ENCRYPT_MODE, key);
  SealedObject sealedMap = new SealedObject(signedMap, cipher);

  // Serialize map
  ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream("data"));
  out.writeObject(sealedMap);
  out.close();

  // Deserialize map
  ObjectInputStream in = new ObjectInputStream(new FileInputStream("data"));
  sealedMap = (SealedObject) in.readObject();
  in.close();

  // Unseal map
  cipher = Cipher.getInstance("AES");
  cipher.init(Cipher.DECRYPT_MODE, key);
  signedMap = (SignedObject) sealedMap.getObject(cipher);

  // Unsign map
  if (!signedMap.verify(kp.getPublic(), sig)) {
    throw new GeneralSecurityException("Map failed verification");
  }
  map = (SerializableMap<String, Integer>) signedMap.getObject();

  // Inspect map
  InspectMap(map);
}


  // Unsign map
  if (!signedMap.verify(kp.getPublic(), sig)) {
    throw new GeneralSecurityException("Map failed verification");
  }
  map = (SerializableMap<String, Integer>) signedMap.getObject();

  // Inspect map
  InspectMap(map);
}

Wiki Markup
Abadi and Needham have suggested \[[Abadi 1996|AA. Bibliography#Abadi 96]\] a useful principle of secure software design

When a principal signs material that has already been encrypted, it should not be inferred that the principal knows the content of the message. On the other hand, it is proper to infer that the principal that signs a message and then encrypts it for privacy knows the content of the message.

Wiki Markup
The rationale is that any malicious party can intercept the originally signed encrypted message from the originator, strip the signature and add its own signature to the encrypted message. Both the malicious party, and the receiver have no information about the contents of the original message as it is encrypted and then signed (it can only be decrypted after verifying the signature). The receiver has no way of confirming the sender's identity unless the legitimate sender's public key is obtained over a secure channel. One of the three CCITT X.509 standard protocols was susceptible to such an attack \[[CCITT 1988|AA. Bibliography#CCITT 88]\].

Exceptions

Wiki Markup
*SER02-EX0:* A reasonable use for signing a sealed object is to certify the authenticity of a sealed object passed from elsewhere. In the spirit of the \[[Abadi 1996|AA. Bibliography#Abadi 96]\] quotation above, thisThis represents a commitment _about the sealed object itself_ rather than about its contentabout its content \[[Abadi 1996|AA. Bibliography#Abadi 96]\].

SER02-EX1: Signing and sealing is only required for objects that must cross a trust boundary. Objects that never leave the trust boundary need not be signed or sealed. For instance, if an entire network is contained within a trust boundary, then objects that never leave this network need not be signed or sealed.

Risk Assessment

Failure to sign and/or then seal objects during transit can lead to loss of object integrity or confidentiality.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SER02-J

medium

probable

high

P4

L3

Automated Detection

Not amenable to static analysis in the general case.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

MITRE 2009

CWE ID 319, "Cleartext Transmission of Sensitive Information"

Bibliography

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0fb56e718db4b809-fa6ebc9d-4e7d4240-a7dc87d8-281f713fa2ea8901b8fcb652"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8b56ae9ad43a79d7-df251d4c-469f4aa1-89b6a87a-e2c40257825c97faa0f60ced"><ac:plain-text-body><![CDATA[

[[Gong 2003

AA. Bibliography#Gong 03]]

9.10 Sealing Objects

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="6b6115ca7fdf1145-138d79b6-4208462d-b54c84f1-dd3e9e9a62cffa702e2f9224"><ac:plain-text-body><![CDATA[

[[Harold 1999

AA. Bibliography#Harold 99]]

Chapter 11: Object Serialization, Sealed Objects

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="c9be0c1835e084d0-144d330f-47414b3d-b15faf94-fa1b958fd0f660b7412c000b"><ac:plain-text-body><![CDATA[

[[Neward 2004

AA. Bibliography#Neward 04]]

Item 64: Use SignedObject to provide integrity of Serialized objects

]]></ac:plain-text-body></ac:structured-macro>

 

Item 65: Use SealedObject to provide confidentiality of Serializable objects

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="43382a473d2b3d05-f7d214d3-40ac4dfd-b0098c41-8f2181bb94fb6a56c4dceb87"><ac:plain-text-body><![CDATA[

[[Steel 2005

AA. Bibliography#Steel 05]]

Chapter 10: Securing the Business Tier, Obfuscated Transfer Object

]]></ac:plain-text-body></ac:structured-macro>

...