...
```java
public class BankOperations {
  public BankOperations() {
    if (!performSSNVerification()) {
      throw new SecurityException("Invalid SSN!");
    }
  }

  private boolean performSSNVerification() {
    // Returns true if data entered is valid, else false.
    // Assume that the attacker just enters an invalid SSN.
    return false;
  }

  public void greet() {
    System.out.println("Welcome user! You may now use all the features.");
  }
}

public class UserApp {
  public static void main(String[] args) {
    BankOperations bo;
    try {
      bo = new BankOperations();
    } catch (SecurityException ex) {
      bo = null;
    }
    Storage.store(bo);
    System.out.println("Proceed with normal logic");
  }
}

public class Storage {
  private static BankOperations bop;

  public static void store(BankOperations bo) {
    // Only store if it is not initialized
    if (bop == null) {
      if (bo == null) {
        System.out.println("Invalid object!");
        System.exit(1);
      }
      bop = bo;
    }
  }
}
```
...
```java
public class Interceptor extends BankOperations {
  private static Interceptor stealInstance = null;

  public static Interceptor get() {
    try {
      new Interceptor();
    } catch (Exception ex) { } // Ignore the exception
    try {
      synchronized (Interceptor.class) {
        while (stealInstance == null) {
          System.gc();
          Interceptor.class.wait(10);
        }
      }
    } catch (InterruptedException ex) {
      return null;
    }
    return stealInstance;
  }

  public void finalize() {
    synchronized (Interceptor.class) {
      stealInstance = this;
      Interceptor.class.notify();
    }
    System.out.println("Stolen the instance in finalize of " + this);
  }
}

public class AttackerApp {
  // Invoke class and gain access to the restrictive features
  public static void main(String[] args) {
    Interceptor i = Interceptor.get(); // stolen instance

    // Can store the stolen object though this should have printed "Invalid Object!"
    Storage.store(i);

    // Now invoke any instance method of BankOperations class
    i.greet();

    UserApp.main(args); // Invoke the original UserApp
  }
}
```
...
```java
class BankOperations {
  public volatile boolean initialized = false; // volatile flag

  public BankOperations() {
    if (!performSSNVerification()) {
      throw new SecurityException("Invalid SSN!");
    } else {
      initialized = true; // object construction succeeded
    }
  }

  private boolean performSSNVerification() {
    return false;
  }

  public void greet() {
    if (initialized == true) {
      System.out.println("Welcome user! You may now use all the features.");
      // ...
    } else {
      System.out.println("You are not permitted!");
    }
  }
}
```
EX2: It is permissible to use the telescoping pattern when the overhead of the builder pattern is significant compared to the number of parameters that must be initialized. This pattern prescribes one constructor that initializes the required parameters and an additional constructor for each optional parameter that is added.
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...