...
- uses objects to store sensitive data whose contents are not cleared or garbage collected after use
- has memory pages that can be swapped out to disk as required by the operating system (to perform memory management tasks and support hibernation)
- uses a buffer to hold sensitive data (such as BufferedReader) that retains copies of the data in the OS cache or in memory
- bases its control flow on Reflection that allows circumventing any countermeasures to limit the lifetime of sensitive variables
- reveals sensitive data in debugging messages, log files, environment variables or through thread and core dumps
...
Code block:

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;

private void readIntoDirectBuffer() throws IOException {
    // A direct buffer is allocated outside the Java heap, so the garbage collector
    // does not leave stray copies of its contents behind
    ByteBuffer buffer = ByteBuffer.allocateDirect(16 * 1024);
    FileChannel rdr = (new FileInputStream("file")).getChannel();
    while (rdr.read(buffer) > 0) {
        // Do something with the buffer
        buffer.clear(); // reset position and limit so the next read overwrites this chunk
    }
    rdr.close();
}
```
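Extending the code block above, here is an added example (not part of the original page) that reads a file through a direct buffer and explicitly overwrites each chunk after use, because ByteBuffer.clear() only resets the position and limit and does not erase the bytes. The ChunkConsumer interface and the temporary file are assumptions made for the demonstration.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;

public final class SensitiveFileReader {
    /** Hypothetical callback: processes one chunk in place and must not copy it into a String or a long-lived array. */
    @FunctionalInterface
    interface ChunkConsumer {
        void accept(ByteBuffer chunk) throws IOException;
    }

    /** Reads the file through a direct buffer, hands each chunk to the consumer, then overwrites the chunk. */
    static void readAndWipe(Path file, ChunkConsumer consumer) throws IOException {
        // Direct buffer: the bytes live outside the Java heap, so the GC leaves no stray copies behind
        ByteBuffer buffer = ByteBuffer.allocateDirect(16 * 1024);
        try (FileChannel channel = FileChannel.open(file, StandardOpenOption.READ)) {
            while (channel.read(buffer) > 0) {
                buffer.flip();            // expose [0, bytesRead) to the consumer
                consumer.accept(buffer);
                wipe(buffer);             // erase before the next read, not just reset the indices
            }
        }
    }

    /** ByteBuffer.clear() only resets position and limit; it does not erase data. Overwrite the bytes explicitly. */
    static void wipe(ByteBuffer buffer) {
        buffer.rewind();                  // back to position 0; limit still marks the bytes read
        while (buffer.hasRemaining()) {
            buffer.put((byte) 0);
        }
        buffer.clear();                   // now ready for the next read
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: a temporary file holding a made-up secret
        Path tmp = Files.createTempFile("secret", ".txt");
        try {
            Files.write(tmp, "example-secret-value".getBytes(StandardCharsets.US_ASCII));
            int[] seen = {0};
            readAndWipe(tmp, chunk -> seen[0] += chunk.remaining());
            System.out.println("bytes processed without retaining a copy: " + seen[0]);
        } finally {
            Files.delete(tmp);
        }
    }
}
```

The wipe runs for every chunk, so at most one 16 KiB window of the sensitive data is ever resident in the buffer at a time.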
...
Failure to limit the lifetime of sensitive data can lead to sensitive information leaks.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MSC10-J | medium | likely | medium | P12 | L1 |
...