When objects are being serialized using the writeObject() method, if the same object is encountered more than once, it is written to the output stream only once; after the first occurrence, only a reference to the first occurrence is written to the stream. Correspondingly, the readObject() method resolves references written by writeObject() to multiple occurrences of the same object.
According to the Java API [API 2006], the writeUnshared() method:
writes an "unshared" object to the ObjectOutputStream. This method is identical to writeObject, except that it always writes the given object as a new, unique object in the stream (as opposed to a back-reference pointing to a previously serialized instance).
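The following program is an added example, not code from the original page, that demonstrates the two behaviours described above on an in-memory stream: writing one object twice with writeObject() produces a back-reference that readObject() resolves to the same instance, while writing it twice with writeUnshared() produces two independent copies that deserialize to distinct instances. The Token class and the byte-count comparison are constructed for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class SharedVsUnsharedDemo {

    // Constructed sample type; any Serializable class would behave the same way.
    static final class Token implements Serializable {
        private static final long serialVersionUID = 1L;
        final String value;
        Token(String value) { this.value = value; }
    }

    // Serializes the same object twice with the given method and returns the stream bytes.
    private static byte[] writeTwice(Token t, boolean unshared) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            if (unshared) {
                oos.writeUnshared(t);
                oos.writeUnshared(t);   // second call emits a full copy, never a back-reference
            } else {
                oos.writeObject(t);
                oos.writeObject(t);     // second call emits only a handle to the first occurrence
            }
        }
        return bos.toByteArray();
    }

    // Reads two objects back and reports whether they are the same instance.
    private static boolean readTwiceSameInstance(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            Token first = (Token) ois.readObject();
            Token second = (Token) ois.readObject();
            return first == second;
        }
    }

    // writeObject(): the back-reference is resolved to the already-read instance.
    static boolean sharedRoundTripPreservesIdentity() throws IOException, ClassNotFoundException {
        return readTwiceSameInstance(writeTwice(new Token("shared"), false));   // true
    }

    // writeUnshared(): each occurrence is a new, unique object in the stream.
    static boolean unsharedRoundTripYieldsDistinctInstances() throws IOException, ClassNotFoundException {
        return !readTwiceSameInstance(writeTwice(new Token("unshared"), true)); // true
    }

    public static void main(String[] args) throws Exception {
        Token t = new Token("demo");
        byte[] shared = writeTwice(t, false);
        byte[] unshared = writeTwice(t, true);
        System.out.println("writeObject x2   -> same instance on read: " + sharedRoundTripPreservesIdentity()
                + " (" + shared.length + " bytes)");
        System.out.println("writeUnshared x2 -> same instance on read: " + !unsharedRoundTripYieldsDistinctInstances()
                + " (" + unshared.length + " bytes)");
    }
}
```

Compile and run with `javac SharedVsUnsharedDemo.java && java SharedVsUnsharedDemo`. The unshared stream is larger because the object's data appears in it twice; the identity check on the deserialized pair is what distinguishes a resolved back-reference from a second copy.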
...
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC62-J | medium | low | low | P6 | L2 |
Automated Detection
Automated detection is straightforward.
...
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
Bibliography
...
[API 2006] | Class ObjectOutputStream, http://download.oracle.com/javase/6/docs/api/java/io/ObjectOutputStream.html, and Class ObjectInputStream, http://download.oracle.com/javase/6/docs/api/java/io/ObjectInputStream.html