SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 21

changes.mady.by.user Fred Long

Saved on

compared with

New Version 22

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

See MET52-JG. Do not use the clone method to copy untrusted method parameters for more specific details regarding overriding the Object.clone() method.

Noncompliant Code Example (hashCode)

This noncompliant code example shows a LicenseManager class that maintains a licenseMap. The map stores a LicenseType and license value pair.

...

The client program runs through the sequence of all possible hash codes using CraftedLicenseType until it successfully matches the hash code of the demo license key object stored in the LicenseManager class. Consequently, the attacker can discover the sensitive data present within the licenseMap in only a few minutes. The attack operates by discovering at least one hash collision with respect to the key of the map.

Compliant Solution

This compliant solution uses an IdentityHashMap rather than a HashMap to store the license information:

...

Code Block
public class DemoClient {
    public static void main(String[] args) {
        LicenseManager licenseManager = new LicenseManager();
        LicenseType type = new LicenseType();
        type.setType("custom-license-key");
        licenseManager.setLicenseKey(type, "CUS-TOM-LIC-KEY");
        Object licenseKeyValue = licenseManager.getLicenseKey(type);
        System.out.println(licenseKeyValue); // Prints CUS-TOM-LIC-KEY
    }
}

 

Compliant Solution (final class)

This compliant solution declares the LicenseType class final so that its methods cannot be overridden:

Code Block
bgColor#ccccff
final class LicenseType {
  // ...
}

Noncompliant Code Example

This noncompliant code example consists of a Widget class and a LayoutManager class containing a set of widgets:

...

The reason for this discrepancy is that the hashCode() method of Widget is used only once when the widget is added to the set. When the navigator is added, the hashCode() method provided by the Navigator class is used. 

Compliant Solution (final class)

This compliant solution declares the Widget class final so that its methods cannot be overridden:

Code Block
bgColor#ccccff
public final class Widget {
    // ...
}

Noncompliant Code Example (run())

In this noncompliant code example, class Worker and its subclass SubWorker each contain a startThread()method intended to start a thread:

...

the client may expect Parent and Child to be printed. However, Child is printed twice because the overridden method run() is invoked both times that a new thread is started.

Compliant Solution

This compliant solution modifies the SubWorker class and removes the call to super.startThread():

...

Code Block
Worker w1 = new Worker();
w1.startThread("parent-thread");
Worker w2 = new SubWorker();
w2.startThread("child-thread");

Bibliography

[API 2011]Class IdentityHashMap
[Hawtin 06][drlvm][kernel_classes] ThreadLocal vulnerability

...