Member methods of non-final classes that perform security checks can be compromised when a malicious subclass overrides the methods and omits the checks. Consequently, such methods must be declared private or final to prevent overriding.

Noncompliant Code Example

...

public void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {  // Check for permission to read file
      sm.checkRead("/temp/tempFile");
    } 
    // Access the file
  } catch (SecurityException se) { 
    // Log exception  
  }
}

Compliant Solution

This compliant solution prevents overriding of the readSensitiveFile() method by declaring it final.

public final void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {  // Check for permission to read file
      sm.checkRead("/temp/tempFile");
    } 
    // Access the file
  } catch (SecurityException se) { 
    // Log exception 
  }
}

Compliant Solution

This compliant solution prevents overriding of the readSensitiveFile() method by declaring it private.

private void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {  // Check for permission to read file
      sm.checkRead("/temp/tempFile");
    } 
    // Access the file
  } catch (SecurityException se) { 
    // Log exception 
  }
}

...

MET03-EX0: Classes that are declared final are exempt from this guideline because their member methods cannot be overridden.

Risk Assessment

Failure to declare a non-final class's method private or final affords the opportunity for a malicious subclass to bypass the security checks performed in the method.

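| Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|-----------|----------|------------|------------------|----------|-------|
| MET03-J   | medium   | probable   | medium           | P8       | L2    |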

Automated Detection

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

...