...
Java-based technologies typically use the Java Archive (JAR) feature to package files for platform-independent deployment. JAR files are the preferred means of distribution for Enterprise Java-Beans (EJB), MIDlets (J2ME), and Weblogic Server J2EE applications, for example. The point-and-click installation provided by Java Web Start also relies on the JAR file format for packaging. Vendors sign their JAR files when required. This certifies the authenticity of the code, but it cannot guarantee the security of the code.
Wiki Markup
If you are creating applet code that you will sign, it needs to be placed in a JAR file. The same is true if you are creating application code that may be similarly restricted by running it with a security manager. The reason you need the JAR file is that when a policy file specifies that code signed by a particular entity is permitted one or more operations, such as specific file reads or writes, the code is expected to come from a signed JAR file. (The term "signed code" is an abbreviated way of saying "code in a class file that appears in a JAR file that was signed.")
...
This noncompliant code example demonstrates the JarRunner application, which can be used to dynamically execute a particular class residing within a JAR file (abridged version of the class in The Java Tutorials [Tutorials 2008]). It creates a JarClassLoader that loads an application update, plug-in, or patch over an untrusted network such as the Internet. The URL to fetch the code is specified as the first argument (for example, http://www.securecoding.cert.org/software-updates.jar
); any other arguments specify the arguments that are to be passed to the class that is loaded. JarRunner uses reflection to invoke the main() method of the loaded class. Unfortunately, by default, JarClassLoader verifies the signature using the public key contained within the JAR file.
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
SEC06-J | high | probable | medium | P12 | L1 |
Automated Detection
...
Automated detection is not feasible in the fully general case. However, an approach similar to Design Fragments \ [[Fairbanks 2007|AA. References#Fairbanks 07] \] could assist both programmers and static analysis tools.
Related Guidelines
...
[ISO/IEC TR 24772:2010http://www.aitcnet.org/isai/] | Improperly Verified Signature [XZR] ]]></ac:plain-text-body></ac:structured-macro> |
CWE-300. Channel accessible by non-endpoint (aka "man-in-the-middle") | |
| CWE-319. Cleartext transmission of sensitive information |
| CWE-494. Download of code without integrity check |
| CWE-347. Improper verification of cryptographic signature |
Bibliography
...
[[API 2006AA. References#API 06]] |
| ]]></ac:plain-text-body></ac:structured-macro> | <ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8bcf9521-6b53-4781-8bc9-368f19bfbf96"><ac:plain-text-body><![CDATA[ | |
[[Bea 2008AA. References#Bea 08] ] |
| ]]></ac:plain-text-body></ac:structured-macro> | <ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="641319d1-7aac-46e7-8f6b-9c7696a0fd66"><ac:plain-text-body><![CDATA[ | |
[ [Eclipse 2008AA. References#Eclipse 08] ] | [JAR Signing | http://wiki.eclipse.org/JAR _ Signing] and [Signed bundles and protecting against malicious codehttp://help.eclipse.org/stable/index.jsp?topic=/org.eclipse.platform.doc.isv/guide] | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f40d8d7b-a37c-46fc-b663-fd2a54584102"><ac:plain-text-body><![CDATA[ | [[Fairbanks 2007AA. References#Fairbanks 07] ] |
| ]]></ac:plain-text-body></ac:structured-macro> | <ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="537aae2a-340a-490a-bf84-cf1a99f1734e"><ac:plain-text-body><![CDATA[ |
[ [Flanagan 2005AA. References#Flanagan 05] ] | Chapter 24, The | ]]></ac:plain-text-body></ac:structured-macro> | <ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="376d574c-a542-4068-b454-3d6b659947fd"><ac:plain-text-body><![CDATA[ | |
[[Gong 2003AA. References#Gong 03] ] | 12.8.3, | ]]></ac:plain-text-body></ac:structured-macro> | <ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0b92d224-0f38-46b2-a01f-f0669f808bd2"><ac:plain-text-body><![CDATA[ | |
[[Halloway 2001AA. References#Halloway 01]] |
| ]]></ac:plain-text-body></ac:structured-macro> | <ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="01ae2f45-0c40-4281-88c9-9480b6aca454"><ac:plain-text-body><![CDATA[ | |
[[JarSpec 2008AA. References#JarSpec 08]] | Signature Validation ]]></ac:plain-text-body></ac:structured-macro> | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d3659e89-3eef-40bd-b546-607b0bb35c1e"><ac:plain-text-body><![CDATA[ | [ [Oaks 2001AA. References#Oaks 01] ] | Chapter 12, Digital Signatures, Signed Classes | ]]></ac:plain-text-body></ac:structured-macro> | <ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="451ac7b9-5385-4b3b-82d0-fd3386b341fd"><ac:plain-text-body><![CDATA[ |
[ [Muchow 2001AA. References#Muchow 01] ] | ]]></ac:plain-text-body></ac:structured-macro><ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8709ba3c-116d-4018-b65d-99d12ba27ea6"><ac:plain-text-body><![CDATA | |||
[ [[Tutorials 2008AA. References#Tutorials 08] ] | [The | http://java.sun.com/docs/books/tutorial/deployment/jar/verify.html] | ]]></ac:plain-text-body></ac:structured-macro> |
...