...
| Code Block | ||
|---|---|---|
| ||
class SensitiveHash {
Hashtable<Integer,String>Hashtable<Integer,String> ht = new Hashtable<Integer,String>Hashtable<Integer,String>();
public void removeEntry(Object key) {
ht.remove(key);
}
}
|
...
| Code Block | ||
|---|---|---|
| ||
class SensitiveHash {
Hashtable<Integer,String>Hashtable<Integer,String> ht = new Hashtable<Integer,String>Hashtable<Integer,String>();
void removeEntry(Object key) {
check("removeKeyPermission""removeKeyPermission");
ht.remove(key);
}
private void check(String directive) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkSecurityAccess(directive);
}
}
}
|
...
| Code Block | ||
|---|---|---|
| ||
SecurityManager sm = System.getSecurityManager();
if(sm != null) { //check if file can be read
sm.checkRead(""/local/schema.dtd"");
}
|
Compliant Solution
Two methods, checkPermission(Permission perm) and checkPermission(Permission perm, Object context) were added to the SecurityManager class in J2SE 1.2. The motivations for this change were manifold:
...
| Code Block | ||
|---|---|---|
| ||
SecurityManager sm = System.getSecurityManager();
if(sm != null) { //check if file can be read
DTDPermission perm = new DTDPermission(""/local/"", "readDTD""readDTD");
sm.checkPermission(perm);
}
|
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[API 06|AA. Java References#API 06]\] |
...
FIO36-J. Do not create multiple buffered wrappers on an InputStream 09. Input Output (FIO) 09. Input Output (FIO)