...

Classes that are not sensitive but maintain other invariants must still account for the possibility of malicious subclasses accessing or manipulating their data and possibly invalidating their invariants. See rule "OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code" for more information.

Noncompliant Code Example

...

This class does not prevent malicious subclasses from being created, but it does protect the data in SensitiveClass: its methods are declared final, so a subclass cannot override them. For more information on how to handle malicious subclasses, see rule "OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code."
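The following is an added example, not the rule's own code. It contrasts a class whose methods are final but whose clone() is left open with one way to make the class non-copyable, a final clone() that always throws CloneNotSupportedException. OpenSecret, CopyingSubclass, SealedSecret and CloneDemo are hypothetical names, and the key value is constructed.

```java
import java.util.Arrays;

// Added illustration; every class name here is hypothetical.
class OpenSecret {                       // methods are final, clone() is left open
    private final char[] key;
    OpenSecret(char[] key) { this.key = key.clone(); }
    final char[] key() { return key.clone(); }
    final void wipe() { Arrays.fill(key, '\0'); }
}

// A subclass can opt in to Cloneable and widen the inherited clone() to public.
class CopyingSubclass extends OpenSecret implements Cloneable {
    CopyingSubclass(char[] key) { super(key); }
    @Override
    public CopyingSubclass clone() throws CloneNotSupportedException {
        return (CopyingSubclass) super.clone();   // shallow copy; no constructor runs
    }
}

class SealedSecret {                     // hardened: clone() is final and always fails
    private final char[] key;
    SealedSecret(char[] key) { this.key = key.clone(); }
    final char[] key() { return key.clone(); }
    @Override
    public final SealedSecret clone() throws CloneNotSupportedException {
        throw new CloneNotSupportedException();
    }
}

class CloneDemo {
    public static void main(String[] args) throws Exception {
        CopyingSubclass original = new CopyingSubclass("s3cr3t".toCharArray()); // constructed value
        CopyingSubclass copy = original.clone();
        original.wipe();
        // A second instance now exists that bypassed the constructor, and it
        // shares the private array: wiping the original also cleared the copy.
        System.out.println("distinct instance: " + (copy != original));
        System.out.println("copy wiped too:    " + Arrays.equals(copy.key(), new char[6]));
        try {
            new SealedSecret("s3cr3t".toCharArray()).clone();
        } catch (CloneNotSupportedException e) {
            System.out.println("sealed: clone refused");
        }
    }
}
```

Because clone() in SealedSecret is final, a subclass that tries to override it is rejected at compile time; declaring the class itself final is the other option when subclassing is not needed.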

Risk Assessment

Failure to make sensitive classes non-copyable can permit violations of class invariants and provide malicious subclasses with the opportunity to exploit the code to create new instances of objects, even in the presence of the default security manager (in the absence of custom security checks).

...

[McGraw 1998] Twelve rules for developing more secure Java code

[MITRE 2009] CWE-498 (http://cwe.mitre.org/data/definitions/498.html) "Cloneable Class Containing Sensitive Information", CWE-491 (http://cwe.mitre.org/data/definitions/491.html) "Public cloneable() Method Without Final (aka 'Object Hijack')"

[Wheeler 2003] 10.6. Java

...