SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 8

changes.mady.by.user Kalpana Chatnani

Saved on

compared with

New Version 9

changes.mady.by.user Kalpana Chatnani

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
A non-final class or method, which is not meant to be inherited, can be overridden by an attacker, if it is not declared as final \[3\].
\\

...

 Wiki Markup
In case inheritance is to be limited to trusted implementations for a public, non-final class, then the class type should be confirmed before creating the instance at each place where an instance of the non-final class can be created. A SecurityManager check should be enforced on detecting a subclass (Chapter 6 of \[2\]).
...
A 
...
 non-final 
...
 class 
...
 can 
...
 be 
...
 subverted 
...
 simply 
...
 by 
...
 declaring 
...
 a 
...
 malicious 
...
 class 
...
 that 
...
 inherits 
...
 from 
...
 the 
...
 non-final 
...
 class 
...
 which 
...
 implies 
...
 that 
...
 there 
...
 is 
...
 no 
...
 need 
...
 for 
...
 reflection. 
...
 However, 
...
 reflection 
...
 is 
...
 necessary 
...
 if 
...
 the 
...
 non-final 
...
 class 
...
 is 
...
 private 
...
 or 
...
 otherwise 
...
 inaccessible 
...
 to 
...
 the 
...
 attacker.
...
Non 
...
 Compliant 
...
 code 
...
example:
Image Added
 Here, an attacker can easily create an instance and override methods of the NonFinal class.
Compliant Solution:
The compliant solution confirms the object's class type by examining the java.lang.Class instance belonging to that object since the instances are scoped by the class name and the class loader that defined the class.
 Image Added
Risk Assessment:
Allowing a non-final class or method to be inherited without checking the class instances, allows an attacker to exploit it.
 Rule 
 Severity 
 Likelihood 
 Remediation Cost 
 Priority 
 Level 
 OBJ33-J 
 high 
 probable 
 high 
 P3 
 L3 
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website
Reference:
  1. Secure Coding Guidelines for the Java Programming Language http://java.sun.com/security/seccodeguide.html
...
  2. Li Gong, 
...
  1.  Gary 
...
  1.  Ellison, 
...
  1.  and 
...
  1.  Mary 
...
  1.  Dageforde.
...

  1.  Inside 
...
  1.  Java 
...
  1.  2 
...
  1.  Platform 
...
  1.  Security. 
...
  1.  2nd 
...
  1.  ed.
...

  1.  Boston, 
...
  1.  MA: 
...
  1.  Addison-Wesley, 
...
  1.  2003.
...
  2. Joshua Bloch. 
...
  1.  Effective 
...
  1.  Java 
...
  1.  Programming 
...
  1.  Language 
...
  1.  Guide.
...

  1.  1st 
...
  1.  ed. 
...
  1.  Addison-Wesley 
...
  1.  Professional, 
...
  1.  2001.