...
The use of reflection is necessary if the non-final class has members that are declared private or are otherwise inaccessible to the attacker. Declaring the class or its methods final prohibits this level of access.
Noncompliant Code Example
In this noncompliant code example, a malicious class can extend the public non-final class, NonFinal. As a result, it can call any of its instance methods and access its protected fields.
| Code Block | ||
|---|---|---|
| ||
public class NonFinal {
public NonFinal() {
// ...
}
}
|
Compliant Solution
| Wiki Markup |
|---|
This compliant solution installs a security manager check in the constructor of the non-final class. Access is denied if the security manager detects that a subclass without the requisite permissions, is trying to instantiate the superclass. \[[SCG 07|java:AA. Java References#SCG 07]\] |
...
It is critical to compare the class types and not the class names (OBJ34-J. Compare classes and not class names).
Risk Assessment
Allowing a non-final class or method to be inherited without checking the class instance allows a malicious subclass to misuse the privileges of the class.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
OBJ33- J | medium | likely | medium | P12 | L1 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[McGraw 00|java:AA. Java References#McGraw 00]\] Chapter Seven Rule 3: "Make Everything Final, Unless There's a Good Reason Not To" \[[Lai 08|java:AA. Java References#Lai 08]\] \[[SCG 07|java:AA. Java References#SCG 07]\] Guideline 1-2 "Limit the extensibility of classes and methods" \[[Gong 03|java:AA. Java References#Gong 03]\] Chapter 6: "Enforcing Security Policy" \[[Bloch 08|java:AA. Java References#Bloch 08]\] Item 1: "Consider static factory methods instead of constructors" |
...