...
Non Compliant code example:
| Code Block |
|---|
public class NonFinalBankOperation{   //sole constructor   String ssn= new String("123456");   public NonFinal() {   //invoke java.lang.Object.getClass to get class instance   Class clazz = getClass();    Method m = clazz.getMethod(ssn, (Class[])null);      m.invoke(this, (Object[])null) ;    }   public void getSSN() {     System.out.println("The SSN is: " + ssn);   } }  public class subClass extends NonFinal {   public subClass() {     NonFinal();   }    public void getSSN() {       ssn = "456789";       System.out.println("The SSN is: "+ssn);   }   public void main(String[] args) {     subClass subclass = new subClass();    } } |
Here, an attacker can easily create an instance and override methods of the NonFinal class.
Compliant Solution:
The compliant solution confirms the object's class type by examining the java.lang.Class instance belonging to that object since the instances are scoped by the class name and the class loader that defined the class.
| Code Block |
|---|
public class NonFinal{ //sole constructor String ssn = new String("123456"); public NonFinal() { //the account balance has already been retrieved from the database and stored in the foll variable Integer balance = 5000; public BankOperation() { //invoke java.lang.Object.getClass to get class instance Class clazz = getClass(); //confirm class type if (clazz != NonFinal.class) {  //permission needed to subclass NonFinal securityManagerCheck(shows the class of the instantiated object System.out.println(clazz); } m.invoke(this, (Object[])null) ; Method Method m; try { m = clazz.getMethod(balance.toString(ssn), (Class[])null); m.invoke(this, (Object[])null) ; } catch (Exception e) { //e.printStackTrace(); } }  public void getSSNgetBalance() { System.out.println("The SSNcurrent balance is: $" + ssnbalance); } } //this class has been written } by the attacker public class SubClass extends BankOperation private{ public void securityManagerCheckgetBalance() { //The attacker can change his account balance to any value he wants. InputStreamReader input = SecurityManager sm = new InputStreamReader(System.getSecurityManager(in); BufferedReader reader = new BufferedReader(input); System.out.print(" Enter if (sm != null)balance: "); try { balance        sm.checkPermission(Permission perm, sm.getSecurityContext= Integer.parseInt(reader.readLine()); } } }  public class subClass extends NonFinal { public subClass() { NonFinal(); } public void getSSN() { ssn = "456789"; } catch (IOException e) { //e.printStackTrace(); } System.out.println("The SSNbalance is: "+ssnbalance); } public public static void main(String[] args) { SubClass subclass = new SubClass(); subClass subclass = new subClasssubclass.getBalance(); } } |
Here, an attacker can easily create an instance and override methods of the BankOperation class.
Compliant Solution:
This compliant solution can be achieved by using the keyword final, thus ensuring that the sensitive class cannot be extended.
| Code Block |
|---|
final class } } BankOperation{ //normal coding... } |
In case the class needs to be extended, then permissions should be checked in case a sub class is detected during construction so that malicious implementations are blocked.
Risk Assessment:
Allowing a non-final class or method to be inherited without checking the class instances, allows an attacker to exploit it.
...