...
This noncompliant code example demonstrates an information leak issue. The code accepts the credit card expiration date as an input argument and uses it within the format string. In the absence of proper input validation, an artful attacker can glean the date against which the input is being verified. Any of the arguments %1$tm, %1$te or %1$tY
can aid such an attempt.
Code Block | ||
---|---|---|
| ||
class Format { static Calendar c = new GregorianCalendar(1995, GregorianCalendar.MAY, 23); public static void main(String[] args) { // args[0] is the credit card expiration date // args[0] can contain either %1$tm, %1$te or %1$tY as malicious arguments // First argument prints 05 (May), second prints 23 (day) and third prints 1995 (year) //perform Perform comparison with c, if it doesn't match print the following line System.out.printf(args[0] + " did not match! HINT: It was issued on %1$terd of some month", c); } } |
...
The best remedy for format string problems is to ensure that user generated input never shows up in format strings. This safeguards the code from unforeseen exploitation.
Code Block | ||
---|---|---|
| ||
class Format { static Calendar c = new GregorianCalendar(1995, MAY, 23); public static void main(String[] args) { // args[0] is the credit card expiration date //perform Perform comparison with c, if it doesn't match print the following line System.out.printf("The input did not match! HINT: It was issued on %1$terd of some month", c); } } |
...