Non-final classes containing methods that perform security checks can be compromised if a malicious subclass overrides the method and omits the checks. For this reason, such methods should be prevented from being overridden by declaring them private or final. (The SecurityManager used in the examples below has been deprecated for removal since Java 17, JEP 411; the rule applies equally to any security check placed in an overridable method, such as a call into an authorization framework.)
Noncompliant Code Example
This noncompliant code example allows a subclass to override the readSensitiveFile() method and omit the required security check. Any caller that invokes readSensitiveFile() through a reference of the base class type is dispatched to the override and never sees the check.
```java
public void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
      // Check if file can be read
      sm.checkRead("/temp/tempFile");
    }
    // Access the file
  } catch (SecurityException se) {
    // Log exception
  }
}
```
Compliant Solution
This compliant solution prohibits overriding of the readSensitiveFile() method by declaring it final. Note that this protects only the method itself: if the check were delegated to a separate method that is neither private nor final, a subclass could still override that method and neutralize the check.
```java
public final void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
      // Check if file can be read
      sm.checkRead("/temp/tempFile");
    }
    // Access the file
  } catch (SecurityException se) {
    // Log exception
  }
}
```
Compliant Solution
This compliant solution prohibits overriding of the readSensitiveFile() method by declaring it private. A private method is not inherited, so a subclass that declares a method with the same signature does not affect calls to the private method made from within the original class. Because a private method cannot be invoked from outside the class, the class must expose it through its own entry point, which should itself be non-overridable.
```java
private void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
      // Check if file can be read
      sm.checkRead("/temp/tempFile");
    }
    // Access the file
  } catch (SecurityException se) {
    // Log exception
  }
}
```
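The following is an added, self-contained example (not code from the CERT page) that demonstrates the bypass behind the noncompliant example and both compliant solutions. It substitutes a hypothetical allow-list policy (READABLE and checkRead()) for SecurityManager.checkRead(), so that it compiles without deprecation warnings on current JDKs; the override mechanics are the same. It also shows the incomplete fix mentioned above, where the entry point is final but the check lives in an overridable hook, and the hardened form where both the entry point and the check are sealed off from subclasses.

```java
import java.util.Set;

/*
 * Added example, not from the CERT page. READABLE, checkRead() and the
 * reader classes are hypothetical stand-ins for a real file-read policy.
 */
public class OverridableCheckDemo {

    /** Hypothetical read policy: only this path may be read. */
    static final Set<String> READABLE = Set.of("/tmp/public.txt");

    /** Stand-in for SecurityManager.checkRead(): throws if the path is not allowed. */
    static void checkRead(String path) {
        if (!READABLE.contains(path)) {
            throw new SecurityException("read denied: " + path);
        }
    }

    /** Noncompliant: non-final class, non-final method, so the check can be overridden away. */
    static class SensitiveFileReader {
        public String readSensitiveFile(String path) {
            checkRead(path);                 // security check
            return "contents of " + path;    // stand-in for the real file access
        }
    }

    /** Malicious subclass: same signature, check omitted. */
    static class BypassingReader extends SensitiveFileReader {
        @Override
        public String readSensitiveFile(String path) {
            return "contents of " + path;    // checkRead() never called
        }
    }

    /**
     * Incomplete fix: readSensitiveFile() is final, but it delegates to a
     * protected hook that a subclass can still override.
     */
    static class HookedReader {
        public final String readSensitiveFile(String path) {
            authorize(path);
            return "contents of " + path;
        }
        protected void authorize(String path) {   // overridable: the weak spot
            checkRead(path);
        }
    }

    /** Defeats HookedReader by replacing the hook with a no-op. */
    static class HookBypassingReader extends HookedReader {
        @Override
        protected void authorize(String path) {
            // check omitted
        }
    }

    /** Compliant: the entry point is final and the check is private. */
    static class HardenedReader {
        public final String readSensitiveFile(String path) {
            authorize(path);
            return "contents of " + path;
        }
        private void authorize(String path) {     // private: not inherited, cannot be overridden
            checkRead(path);
        }
    }
    // A subclass attempting the same trick does not compile:
    // static class Attempt extends HardenedReader {
    //     @Override public String readSensitiveFile(String p) { return "x"; }
    // }
    // javac: readSensitiveFile(String) in Attempt cannot override
    //        readSensitiveFile(String) in HardenedReader; overridden method is final

    /** Runs one reader against a path and reports whether the check held. */
    static void attempt(String label, java.util.function.Function<String, String> reader, String path) {
        try {
            System.out.println(label + ": " + reader.apply(path));
        } catch (SecurityException e) {
            System.out.println(label + ": " + e.getMessage());
        }
    }

    public static void main(String[] args) {
        String secret = "/etc/secret.txt";   // not in the allow-list
        SensitiveFileReader base = new SensitiveFileReader();
        SensitiveFileReader bypass = new BypassingReader();      // polymorphic dispatch to the override
        HookedReader hooked = new HookBypassingReader();
        HardenedReader hardened = new HardenedReader();

        attempt("SensitiveFileReader", base::readSensitiveFile, secret);
        attempt("BypassingReader", bypass::readSensitiveFile, secret);
        attempt("HookBypassingReader", hooked::readSensitiveFile, secret);
        attempt("HardenedReader", hardened::readSensitiveFile, secret);
    }
}
```

Compile and run with `javac OverridableCheckDemo.java && java OverridableCheckDemo` (Java 9 or later for Set.of). The two bypassing readers return the contents of the disallowed path, while the base and hardened readers throw. The point of HookedReader is that `final` must cover the whole call path that performs the check, not only the public method, which is why HardenedReader keeps the check in a private method.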
Exceptions
EX1: Classes that are declared final are exempt from this guideline, because a final class cannot be subclassed and consequently none of its methods can be overridden.
Risk Assessment
Failing to declare a non-final class's security-checking method private or final can allow a subclass to override it and omit the security checks it performs.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MET06-J | medium | probable | medium | P8 | L2 |
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[Ware 08] (see AA. Java References, entry "Ware 08")
...