SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 23

changes.mady.by.user Pennie Walters

Saved on

compared with

New Version 24

changes.mady.by.user Pennie Walters

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • The data is sensitive but its serialization or transportation is necessary
  • A secure communication channel such as SSL is absent or is a costly alternative for limited transactions
  • Some sensitive data needs to persist over an extended period of time (for example, on an external hard drive)
  • Implementing home-brewed cryptographic algorithms such as in the readObject and writeObject methods can leave the application vulnerable

Noncompliant Code Example

This noncompliant code example is capable of being serialized and transferred across different business tiers. Unfortunately, there are no safeguards against byte stream manipulation attacks while the binary data is in transit. Likewise, anyone can reverse engineer the stream data from its hexadecimal notation to unravel the HashMap containing sensitive social security numbers.

Code Block
bgColor#FFcccc
class SimpleObject<E,V> implements Serializable {
  final static long serialVersionUID = -2648720192864531932L;
  private HashMap<E,V> ssnMap;
  
  public SimpleObject() {
    ssnMap = new HashMap<E,V>();
  }

  public Object getdata(E key)  {
    return ssnMap.get(key);
  }

  public void setData(E key, V data)  {
    ssnMap.put(key, data);
  }
}

Compliant Solution

To provide message confidentiality, use the javax.crypto.SealedObject class. This class encapsulates a serialized object and encrypts (or seals) it. A strong cryptographic algorithm that uses a secure cryptographic key and padding scheme must be employed to initialize the Cipher object parameter. The seal and unseal utility methods provide the encryption and decryption facilities respectively.

...

Finally, refrain from signing encrypted (sealed) data. (See SEC32-J. Create and sign a SignedObject before creating a SealedObject)

Risk Assessment

Failure to sign and/or seal objects during transit can lead to loss of object integrity or confidentiality.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SEC06- J

medium

probable

high

P4

L3

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[API 06|AA. Java References#API 06]\] 
\[[Steel 05|AA. Java References#Steel 05]\] Chapter 10: Securing the Business Tier, Obfuscated Transfer Object
\[[Gong 03|AA. Java References#Gong 03]\] 9.10 Sealing Objects
\[[Harold 99|AA. Java References#Harold 99]\] Chapter 11: Object Serialization, Sealed Objects 
\[[Neward 04|AA. Java References#Neward 04]\] Item 64: Use SignedObject to provide integrity of Serialized objects and Item 65: Use SealedObject to provide confidentiality of Serializable objects
\[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 319|http://cwe.mitre.org/data/definitions/319.html] "Cleartext Transmission of Sensitive Information"

...