...
```java
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;

// Sanitized exception type: it carries no message, but its presence alone
// still tells the caller that the open failed
class SecurityIOException extends IOException { /* ... */ }

class ExceptionExample {
  public static void main(String[] args) throws IOException {
    try {
      FileInputStream fis =
          new FileInputStream(System.getenv("APPDATA") + args[0]);
    } catch (FileNotFoundException e) {
      // Log the exception
      throw new SecurityIOException();
    }
  }
}
```
While this exception is less likely to leak useful information than the previous noncompliant code examples, it still reveals that the specified file cannot be read. More specifically, the program reacts differently to nonexistent file paths than it does to valid ones, so an attacker can still infer sensitive information about the file system from the program's behavior. Failure to restrict user input leaves the system vulnerable to a brute-force attack in which the attacker discovers valid file names through repeated queries that collectively cover the space of possible file names: queries that produce the sanitized message exclude the requested file, and the remaining possibilities represent the actual files.
...
```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;

class ExceptionExample {
  public static void main(String[] args) {
    File file = null;
    try {
      // Canonicalize first so "..", symbolic links and alternate spellings
      // cannot bypass the prefix check below
      file = new File(System.getenv("APPDATA") + args[0]).getCanonicalFile();
      if (!file.getPath().startsWith("c:\\homepath")) {
        // Same generic message for every kind of rejection
        System.out.println("Invalid file");
        return;
      }
    } catch (IOException x) {
      System.out.println("Invalid file");
      return;
    }
    // try-with-resources closes the stream on every path out of the block
    try (FileInputStream fis = new FileInputStream(file)) {
      // ... read from fis ...
    } catch (FileNotFoundException x) {
      System.out.println("Invalid file");
      return;
    } catch (IOException x) {
      // Closing the stream can fail too; report it the same way
      System.out.println("Invalid file");
      return;
    }
  }
}
```
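The following class is an added example, not code from the standard, that packages the compliant approach into a reusable opener: every cause of failure (path outside the base directory, nonexistent file, I/O error) is logged internally and surfaces to the caller as one identical exception. It goes beyond the page's plain `startsWith` test by terminating the base path with a separator, so a sibling directory such as `homepath2` is not accepted as inside `homepath`; the class name, the base-directory parameter and the `InvalidFileException` type are assumptions.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.logging.Level;
import java.util.logging.Logger;

/** Added example (not the standard's own code): one uniform failure path for every cause. */
public final class RestrictedFileOpener {
  private static final Logger LOG = Logger.getLogger(RestrictedFileOpener.class.getName());

  /** Generic exception: carries no detail about which check failed or whether the file exists. */
  public static final class InvalidFileException extends IOException {
    public InvalidFileException() { super("Invalid file"); }
  }

  private final String basePath; // canonical base directory, always separator-terminated

  public RestrictedFileOpener(File baseDir) throws IOException {
    String canon = baseDir.getCanonicalPath();
    this.basePath = canon.endsWith(File.separator) ? canon : canon + File.separator;
  }

  /** True only if the caller-supplied name resolves to a path inside the base directory. */
  public boolean isPermitted(String userSuppliedName) {
    try {
      File f = new File(basePath, userSuppliedName).getCanonicalFile();
      // The trailing separator in basePath stops "/base2/x" from matching base "/base"
      return f.getPath().startsWith(basePath);
    } catch (IOException e) {
      return false; // canonicalization failure is treated like any other rejection
    }
  }

  /** Opens the file; traversal, missing file and I/O errors all surface identically. */
  public InputStream open(String userSuppliedName) throws InvalidFileException {
    try {
      File f = new File(basePath, userSuppliedName).getCanonicalFile();
      if (!f.getPath().startsWith(basePath)) {
        throw new IOException("outside base directory: " + f); // detail stays internal
      }
      return new FileInputStream(f);
    } catch (IOException e) {
      // Internal audit trail keeps the real cause; the caller sees only the generic type
      LOG.log(Level.WARNING, "rejected open of {0}: {1}", new Object[] {userSuppliedName, e});
      throw new InvalidFileException();
    }
  }
}
```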
...
| [MITRE 2009] | [CWE ID 209](http://cwe.mitre.org/data/definitions/209.html) "Information Exposure Through an Error Message" |
|---|---|
| | CWE ID 600 "Uncaught Exception in Servlet" |
| | CWE ID 497 "Exposure of System Data to an Unauthorized Control Sphere" |
...
...