
...

Normally, if two applets have the same codebase and archive parameters, they are loaded by the same class loader instance. This behavior is required for backward compatibility and is relied on by several real-world applications. The result is that multiple applets on the same web page may access each other's static variables at the Java language level, effectively allowing the multiple applets to be written as though they comprised a single application. The same sharing means that a public static nonfinal field set by one applet is visible to, and writable by, every other applet loaded by that class loader.

...

Improper use of public static fields can also result in type safety issues. For example, untrusted code can supply an unexpected subtype when the variable is declared with a more general type, such as java.lang.Object [Gong 2003]. Code that later casts the field to the type it expects then fails at run time, or operates on an object the attacker chose.

...

An attacker can replace the function table as follows:

    FunctionTable.m_functions = <new_table>;

Replacing the function table gives the attacker access to the XPathContext. The XPathContext is used to set the reference node for evaluating XPath expressions. Manipulating it can allow XML fields to be modified in inconsistent ways, resulting in unexpected behavior. Also, because static variables are global across the Java Runtime Environment (JRE), they can be used as a covert communication channel between different application domains (for example, through code loaded by different class loaders).

...

This compliant solution declares the FuncLoader static field as final and treats it like a constant. Note that final prevents only reassignment of the reference: the elements of a final array remain writable by anyone who can reach the array (see CWE-582), so the field must also be kept private and never returned directly to callers.
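The following is an added example, not code from the original page or from the JDK's XPath implementation. It models the two failure modes described above, the unexpected-subtype problem with an Object-typed public static field and the whole-table replacement FunctionTable.m_functions = <new_table>, beside a compliant table that is private and final. The Handler interface, the Resolver and Attacker classes, and all field names other than m_functions are hypothetical stand-ins; the real FunctionTable and XPathContext are not used.

```java
// Added example (hypothetical classes); not the page's or the JDK's code.
public class StaticFieldDemo {

    // Stand-in for a function-table entry (hypothetical).
    interface Handler { String apply(String arg); }

    // NONCOMPLIANT: public, static and nonfinal. Any code running in the same
    // JVM can reassign the entire table, as in FunctionTable.m_functions = <new_table>.
    static final class NoncompliantFunctionTable {
        public static Handler[] m_functions = { s -> s.toUpperCase(), String::trim };

        static String call(int idx, String arg) {
            return m_functions[idx].apply(arg);
        }
    }

    // NONCOMPLIANT: the field is declared with the general type Object, so
    // untrusted code can store an unexpected subtype; the cast below then
    // throws ClassCastException (the type-safety issue noted by Gong 2003).
    static final class NoncompliantResolver {
        public static Object delegate = "default-namespace";

        static String namespace() {
            return (String) delegate;
        }
    }

    // COMPLIANT: private and final. The reference cannot be reassigned, and
    // because the array itself is never handed out, its elements cannot be
    // overwritten either. final alone would not protect the elements (CWE-582),
    // which is why the accessor returns a defensive copy.
    static final class CompliantFunctionTable {
        private static final Handler[] FUNCTIONS = { s -> s.toUpperCase(), String::trim };

        static String call(int idx, String arg) {
            return FUNCTIONS[idx].apply(arg);
        }

        static Handler[] snapshot() {
            return FUNCTIONS.clone();
        }
    }

    // Hypothetical untrusted code loaded into the same runtime.
    static final class Attacker {
        static void run() {
            // Replace the whole table; every later lookup dispatches to attacker handlers.
            NoncompliantFunctionTable.m_functions = new Handler[] { s -> "attacker", s -> "attacker" };
            // Supply a subtype the consumer does not expect.
            NoncompliantResolver.delegate = Integer.valueOf(42);
            // The equivalent attacks on the compliant table do not compile:
            // CompliantFunctionTable.FUNCTIONS = ...;  (private, final)
        }
    }

    public static void main(String[] args) {
        System.out.println("before: " + NoncompliantFunctionTable.call(0, " hi "));
        System.out.println("before: " + NoncompliantResolver.namespace());

        Attacker.run();

        // The noncompliant table now runs the attacker's handler.
        System.out.println("after:  " + NoncompliantFunctionTable.call(0, " hi "));
        // The noncompliant resolver now fails its cast.
        try {
            NoncompliantResolver.namespace();
        } catch (ClassCastException e) {
            System.out.println("type confusion: " + e.getMessage());
        }

        // Mutating the snapshot does not affect the compliant table.
        Handler[] copy = CompliantFunctionTable.snapshot();
        copy[0] = s -> "attacker";
        System.out.println("compliant: " + CompliantFunctionTable.call(0, " hi "));
    }
}
```

Run it with javac StaticFieldDemo.java && java StaticFieldDemo. The compliant variant keeps the table private and final and exposes only a lookup method and a cloned snapshot; in a real function table, the same applies to any accessor that would otherwise return the backing array.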

...

This compliant solution declares the serialVersionUID field as final and limits its accessibility to private.

...

The serialization mechanism internally uses the serialVersionUID field, so no accessible wrapper methods are required.

...

Unauthorized modifications of public static variables can result in unexpected behavior and violation of class invariants. Further, because static variables are global across the Java Runtime Environment (JRE), they can be used as a covert communication channel between different application domains (for example, through code loaded by different class loaders).

Guideline   Severity   Likelihood   Remediation Cost   Priority   Level
OBJ03-J     medium     probable     medium             P8         L2

Related Guidelines

MITRE CWE: CWE-582 "Array Declared Public, Final, and Static"

MITRE CWE: CWE-493 "Critical Public Variable Without Final Modifier"

MITRE CWE: CWE-500 "Public Static Field Not Marked Final"

Bibliography

[FT 2008]
[Gong 2003] Section 9.3, "Static Fields"
[MITRE 2009] CWE ID 582, "Array Declared Public, Final, and Static" (http://cwe.mitre.org/data/definitions/582.html); CWE ID 493, "Critical Public Variable Without Final Modifier" (http://cwe.mitre.org/data/definitions/493.html); CWE ID 500, "Public Static Field Not Marked Final" (http://cwe.mitre.org/data/definitions/500.html)
[Nisewanger 2007] Antipattern 5, "Misusing Public Static Variables"
[SCG 2007] Guideline 3.1, "Treat public static fields as constants"
[Sterbenz 2006] Antipattern 5, "Misusing Public Static Variables"

...