Classes that implement the Externalizable interface must provide the readExternal() and writeExternal() methods. These methods are public and, consequently, can be called by trusted and hostile code alike. Programs must therefore ensure that these methods execute only when intended, and that they cannot overwrite the internal state of objects at arbitrary points during program execution.
...
This noncompliant code example allows anyone to reset the value of the object at any time, because the readExternal() method is necessarily declared to be public and lacks protection against hostile callers.
```java
public void readExternal(ObjectInput in)
    throws IOException, ClassNotFoundException {
  // Read instance fields; nothing stops a second call from overwriting them
  this.name = (String) in.readObject();
  this.UID = in.readInt();
  // ...
}
```
Compliant Solution
This compliant solution protects against race conditions by synchronizing the method. It also protects against multiple initialization through the use of a boolean initialized flag that is set after the instance fields have been populated; any later call to readExternal() fails with an IllegalStateException instead of overwriting the fields.
```java
public synchronized void readExternal(ObjectInput in)
    throws IOException, ClassNotFoundException {
  if (!initialized) {
    // Read instance fields exactly once
    this.name = (String) in.readObject();
    this.UID = in.readInt();
    // ...
    initialized = true;
  } else {
    // Reject repeated calls so the object's state cannot be overwritten
    throw new IllegalStateException();
  }
}
```
Note that this compliant solution is insufficient to protect sensitive data.
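The following complete class is an added example and is not code from the CERT guideline; the class name ExternalizableUser, the accessor methods and the sample values are assumptions for illustration. It shows the compliant readExternal() in context, including the required public no-argument constructor, a matching writeExternal(), and a main() that round-trips an instance through serialization and then demonstrates that a second readExternal() call on the already-initialized copy is rejected rather than silently overwriting its fields.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Externalizable;
import java.io.IOException;
import java.io.ObjectInput;
import java.io.ObjectInputStream;
import java.io.ObjectOutput;
import java.io.ObjectOutputStream;

// Added example (not from the original guideline). Class and field names are
// assumptions chosen to match the snippets above.
public class ExternalizableUser implements Externalizable {
  private String name;
  private int UID;
  // Guards against repeated initialization through readExternal()
  private boolean initialized = false;

  // Externalizable requires a public no-argument constructor; the
  // deserialization runtime creates the instance through it and then
  // calls readExternal(), so initialized starts out false here.
  public ExternalizableUser() {}

  public ExternalizableUser(String name, int UID) {
    this.name = name;
    this.UID = UID;
    this.initialized = true; // a normally constructed object is already initialized
  }

  @Override
  public void writeExternal(ObjectOutput out) throws IOException {
    out.writeObject(name);
    out.writeInt(UID);
  }

  @Override
  public synchronized void readExternal(ObjectInput in)
      throws IOException, ClassNotFoundException {
    if (!initialized) {
      this.name = (String) in.readObject();
      this.UID = in.readInt();
      initialized = true;
    } else {
      throw new IllegalStateException("readExternal() called on an initialized object");
    }
  }

  public String getName() { return name; }
  public int getUID() { return UID; }

  public static void main(String[] args) throws Exception {
    ExternalizableUser original = new ExternalizableUser("alice", 42);

    // Serialize to an in-memory buffer (constructed sample data, no files involved)
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
      oos.writeObject(original);
    }
    byte[] bytes = bos.toByteArray();

    // Normal deserialization: the runtime calls readExternal() exactly once
    ExternalizableUser copy;
    try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
      copy = (ExternalizableUser) ois.readObject();
    }
    System.out.println("deserialized: " + copy.getName() + " / " + copy.getUID());

    // A further direct call on the initialized copy is refused, so its
    // state cannot be overwritten; the flag is checked before any input is read.
    try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
      copy.readExternal(ois);
      System.out.println("unexpected: state was overwritten");
    } catch (IllegalStateException e) {
      System.out.println("rejected second call: " + e.getMessage());
    }
  }
}
```

Note that the guard only prevents re-initialization of an object that has already been populated; as the guideline states, it does not by itself protect sensitive data, which still needs to be handled according to the serialization guidelines for sensitive fields.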
Risk Assessment
Failure to prevent the overwriting of externalizable objects can corrupt the state of the object.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
SER13-J | low | probable | low | P6 | L2
Automated Detection
...
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
...