Hardcoding sensitive information such as passwords and encryption keys is an extremely dangerous practice. Adversaries who obtain the class files can decompile them and recover the sensitive information. It also makes the system unwieldy to manage once it is in production: a change of password, for instance, may have to be distributed as a patch [Chess 07].

Noncompliant Code Example

This noncompliant code example stores the password in a field of type String. Disassembling the compiled class with javap shows the hard-coded literal "guest" in the constant pool.

...

Compiled from "Hardcoded.java"
class Hardcoded extends java.lang.Object{
java.lang.String password;

Hardcoded();
  Code:
   0:	aload_0
   1:	invokespecial	#1; //Method java/lang/Object."<init>":()V
   4:	aload_0
   5:	new	#2; //class java/lang/String
   8:	dup
   9:	ldc	#3; //String guest
   11:	invokespecial	#4; //Method java/lang/String."<init>":(Ljava/lang/String;)V
   14:	putfield	#5; //Field password:Ljava/lang/String;
   17:	return

public static void main(java.lang.String[]);
  Code:
   0:	return

}

Compliant Solution

This compliant solution stores the password in a char array after reading it from an external file kept in a secured directory. The array is cleared immediately after use, which limits the time the password is exposed in memory.

...

To further limit the exposure time of the password, follow MSC08-J, Limit the lifetime of sensitive data, and replace the BufferedReader with a direct NIO buffer.
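The following is an added example (not the code from the original page) of the approach described above: the password is read from an external file straight into a char array and zeroed after use. It assumes a POSIX file system (the permission check refuses group- or world-readable files), a file holding a single password line, and a maximum password length of 256 characters.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Arrays;
import java.util.Set;

/** Added example: read a password from an external file into a char[] and clear it after use. */
public final class PasswordFromFile {
    private static final int MAX_LEN = 256; // assumed upper bound on password length

    /** Refuse a file readable by group or others (the enclosing directory is assumed secured). */
    static void requireOwnerOnly(Path file) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(file);
        if (perms.contains(PosixFilePermission.GROUP_READ)
                || perms.contains(PosixFilePermission.OTHERS_READ)) {
            throw new IOException("password file is group/world readable: " + file);
        }
    }

    /** Read the password straight into a char[]; readLine() is avoided because it creates a String. */
    static char[] readPassword(Path file) throws IOException {
        requireOwnerOnly(file);
        char[] buf = new char[MAX_LEN];
        int len = 0;
        try (BufferedReader in = Files.newBufferedReader(file, StandardCharsets.UTF_8)) {
            int n;
            while (len < buf.length && (n = in.read(buf, len, buf.length - len)) != -1) {
                len += n;
            }
        }
        while (len > 0 && (buf[len - 1] == '\n' || buf[len - 1] == '\r')) {
            len--; // drop the trailing line terminator
        }
        char[] password = Arrays.copyOf(buf, len);
        Arrays.fill(buf, '\0'); // the scratch buffer also held the secret
        return password;
    }

    public static void main(String[] args) throws IOException {
        char[] password = readPassword(Path.of(args[0])); // path to the password file
        try {
            System.out.println("read a " + password.length + "-character password"); // stand-in for real use
        } finally {
            Arrays.fill(password, '\0'); // clear immediately after use, even on exception
        }
    }
}
```

Note that converting the array to a String at any point (for example, to pass it to an API that only accepts String) would recreate the immutable copy the char array was meant to avoid.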

Noncompliant Code Example

This noncompliant code example hardcodes the user name and password fields in the SQL connection request.

...

Note that the one- and two-argument java.sql.DriverManager.getConnection() methods can be misused in the same way. Applets that contain similar code are also noncompliant because they may be executed in untrusted environments.

Compliant Solution

This compliant solution reads the user name and password from a configuration file present in a secure directory.

...

It is also permissible to prompt the user for the user name and password at runtime and use the entered values.

Risk Assessment

Hardcoding sensitive information allows a malicious user to glean the information.

Rule      Severity  Likelihood  Remediation Cost  Priority  Level
MSC31-J   high      probable    medium            P12       L1

Automated Detection

TODO

Related Vulnerabilities

GERONIMO-2925, GERONIMO-1135

Other Languages

This rule appears in the C Secure Coding Standard as MSC18-C. Be careful while handling sensitive data, such as passwords, in program code.

References

[Gong 03] Section 9.4, Private Object State and Object Immutability
[Chess 07] Section 11.2, Outbound Passwords: Keep Passwords out of Source Code
[Fortify 08] "Unsafe Mobile Code: Database Access"
[MITRE 09] CWE ID 259, "Hard-Coded Password", http://cwe.mitre.org/data/definitions/259.html

...