Hardcoding sensitive information, such as passwords, server IP addresses, and encryption keys, can expose the information to adversaries. Anyone who has access to the class files can decompile them and consequently discover the sensitive information. Consequently, hardcoding sensitive information is forbidden.

Hardcoding sensitive information also increases the need to manage and accommodate changes to the code once the system is in production. For example, changing a hardcoded password in a fielded program may require distribution of a patch \[[Chess 2007|AA. Bibliography#Chess 07]\].
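The following scanner illustrates the decompilation point above from the defender's side. It is an added example, not code from the guideline: it parses the constant pool and field table of the JVM class-file format and reports every String field whose value javac compiled into the class as a constant, which is what any decompiler (or a plain string dump) would show. The class name, the deliberately hard coded DB_PASSWORD field, and the choice to scan the program's own class file are assumptions made for the demonstration.

```java
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example (not part of MSC03-J): a minimal class-file scanner that reports
// String fields whose value is stored in the class as a ConstantValue attribute.
public class HardcodedFieldScan {

  // Deliberately hard coded so the scanner has something to find (the noncompliant pattern).
  static final String DB_PASSWORD = "guest";

  // Returns fieldName -> constant String value for every field carrying a ConstantValue
  // attribute that points at a CONSTANT_String entry (what javac emits for
  // `static final String X = "literal"`).
  static Map<String, String> constantStringFields(InputStream in) throws IOException {
    DataInputStream d = new DataInputStream(in);
    if (d.readInt() != 0xCAFEBABE) throw new IOException("not a class file");
    d.readUnsignedShort();  // minor_version
    d.readUnsignedShort();  // major_version

    // --- constant pool: remember Utf8 entries and String -> Utf8 links ---
    int cpCount = d.readUnsignedShort();
    String[] utf8 = new String[cpCount];
    int[] stringRef = new int[cpCount];
    for (int i = 1; i < cpCount; i++) {
      int tag = d.readUnsignedByte();
      switch (tag) {
        case 1:  utf8[i] = d.readUTF(); break;                // CONSTANT_Utf8: u2 length + modified UTF-8
        case 8:  stringRef[i] = d.readUnsignedShort(); break; // CONSTANT_String: index of a Utf8 entry
        case 7: case 16: case 19: case 20: skip(d, 2); break; // Class, MethodType, Module, Package
        case 15: skip(d, 3); break;                           // MethodHandle
        case 3: case 4: case 9: case 10: case 11: case 12: case 17: case 18:
          skip(d, 4); break;                                  // Integer, Float, *ref, NameAndType, (Invoke)Dynamic
        case 5: case 6: skip(d, 8); i++; break;               // Long and Double occupy two pool slots
        default: throw new IOException("unknown constant pool tag " + tag);
      }
    }

    // --- class header up to the field table ---
    skip(d, 6);                                    // access_flags, this_class, super_class
    skip(d, 2 * d.readUnsignedShort());            // interfaces (u2 each)
    int fieldCount = d.readUnsignedShort();

    Map<String, String> found = new LinkedHashMap<>();
    for (int f = 0; f < fieldCount; f++) {
      d.readUnsignedShort();                       // access_flags
      String name = utf8[d.readUnsignedShort()];
      String descriptor = utf8[d.readUnsignedShort()];
      int attrCount = d.readUnsignedShort();
      for (int a = 0; a < attrCount; a++) {
        String attrName = utf8[d.readUnsignedShort()];
        int attrLen = d.readInt();
        if ("ConstantValue".equals(attrName) && "Ljava/lang/String;".equals(descriptor)) {
          int cpIndex = d.readUnsignedShort();     // ConstantValue is exactly one u2 index
          found.put(name, utf8[stringRef[cpIndex]]);
        } else {
          skip(d, attrLen);
        }
      }
    }
    return found;
  }

  private static void skip(DataInputStream d, int n) throws IOException {
    d.readFully(new byte[n]);  // readFully consumes exactly n bytes or throws
  }

  public static void main(String[] args) throws IOException {
    // Scan this very class: javac stored the value of DB_PASSWORD in the constant pool.
    try (InputStream self = HardcodedFieldScan.class.getResourceAsStream("HardcodedFieldScan.class")) {
      for (Map.Entry<String, String> e : constantStringFields(self).entrySet()) {
        System.out.println("field " + e.getKey() + " carries cleartext constant \"" + e.getValue() + "\"");
      }
    }
  }
}
```

Compile with `javac HardcodedFieldScan.java` and run with `java HardcodedFieldScan`; the output lists DB_PASSWORD with its value "guest". The scanner only catches `static final` fields with compile-time constant initializers. A literal assigned to an instance field (as in the noncompliant example below, `new String("guest")`) carries no ConstantValue attribute, but the literal is still present as a CONSTANT_String entry in the pool, so a build-time check should additionally list all CONSTANT_String entries and compare them against known secrets.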

Noncompliant Code Example

This noncompliant code example hard codes the password in a String field.

class Password {
  String password = new String("guest");
  public static void main(String[] args) {
    //..
  }
}

...

Compliant Solution

This compliant solution retrieves the password from an external file located in a secure directory and stores it in a char array. Exposure is further limited by clearing the array immediately after use.

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;

class Password {
  public static void main(String[] args) throws IOException {
    char[] password = new char[100];
    BufferedReader br = new BufferedReader(new InputStreamReader(
      new FileInputStream("credentials.txt")));

    // Reads the password into the char array; returns the number of chars read (-1 at EOF)
    int n = br.read(password);
    // Decrypt password, perform operations
    for (int i = n - 1; i >= 0; i--) {  // Manually clear out the password immediately after use
      password[i] = 0;
    }
    br.close();
  }
}

...

Note that the one- and two-argument java.sql.DriverManager.getConnection() methods can also be used incorrectly. Applets that contain similar code are also unacceptable because they may be executed in untrusted environments.

...

This compliant solution reads the user name and password from a configuration file located in a secure directory.

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

// Username and password fields are populated at runtime from a secure config file
private String username;
private String password;

public final Connection getConnection() throws SQLException {
  return DriverManager.getConnection("jdbc:mysql://localhost/dbName", username, password);
}

It is also permissible to prompt the user for the user name and password at runtime and use the entered values.
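The two compliant solutions above (a password file in a secure directory, and a DriverManager connection whose credentials are read at runtime) are combined below into one worked example. It is added here and is not code from the guideline: it checks that the credentials file is readable by its owner only before trusting it, reads the password into a char array without creating a String for it, and clears the array as soon as the JDBC call returns. The `db.credentials` system property, the default path `/etc/myapp/credentials`, the two-line file layout (user name, then password), and the class name are assumptions; the JDBC URL is the one used on the page.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Set;

// Added example (not part of MSC03-J). Assumed file layout: line 1 = user name,
// line 2 = password. The file path comes from the assumed `db.credentials` property.
public final class DbCredentials {
  private static final String URL = "jdbc:mysql://localhost/dbName";

  // Refuses credential files that group or other users can access. Only meaningful
  // on POSIX file systems; elsewhere the check is skipped.
  static void requireOwnerOnly(Path file) throws IOException {
    Set<PosixFilePermission> perms;
    try {
      perms = Files.getPosixFilePermissions(file);
    } catch (UnsupportedOperationException e) {
      return;  // not a POSIX file system (e.g. Windows); rely on ACLs set by the operator
    }
    for (PosixFilePermission p : perms) {
      if (p.name().startsWith("GROUP_") || p.name().startsWith("OTHERS_")) {
        throw new IOException(file + " must be accessible by its owner only (chmod 600)");
      }
    }
  }

  // Reads one line into a char[] without ever materialising it as a String.
  static char[] readPasswordLine(Reader r) throws IOException {
    char[] buf = new char[128];
    int n = 0;
    int c;
    while ((c = r.read()) != -1 && c != '\n' && c != '\r') {
      if (n == buf.length) {
        char[] bigger = Arrays.copyOf(buf, buf.length * 2);
        Arrays.fill(buf, '\0');  // scrub the old copy before dropping it
        buf = bigger;
      }
      buf[n++] = (char) c;
    }
    char[] exact = Arrays.copyOf(buf, n);
    Arrays.fill(buf, '\0');
    return exact;
  }

  public static Connection getConnection() throws IOException, SQLException {
    Path file = Paths.get(System.getProperty("db.credentials", "/etc/myapp/credentials"));
    requireOwnerOnly(file);
    String user;
    char[] password;
    try (BufferedReader br = Files.newBufferedReader(file, StandardCharsets.UTF_8)) {
      user = br.readLine();               // user name is not secret; a String is acceptable
      password = readPasswordLine(br);    // password stays in a char[] we can clear
    }
    if (user == null || password.length == 0) {
      Arrays.fill(password, '\0');
      throw new IOException("credentials file is incomplete");
    }
    try {
      // JDBC accepts only a String password, so the String exists just for this call.
      return DriverManager.getConnection(URL, user, new String(password));
    } finally {
      Arrays.fill(password, '\0');  // clear the copy we control as soon as the call returns
    }
  }
}
```

Running this requires a JDBC driver for the URL on the classpath and a credentials file with mode 600. The remaining exposure is the String that DriverManager requires: it cannot be cleared and lives until garbage collection, which is why the char array is kept as short-lived as possible and the file itself is the protected copy.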

Risk Assessment

Hardcoding sensitive information exposes that information to attackers.

|| Guideline || Severity || Likelihood || Remediation Cost || Priority || Level ||
| MSC03-J | high | probable | medium | P12 | L1 |

Automated Detection

TODO

Related Vulnerabilities

GERONIMO-2925, GERONIMO-1135

...

Bibliography

\[[Chess 2007|AA. Bibliography#Chess 07]\] 11.2 Outbound Passwords: Keep Passwords out of Source Code
\[[Fortify 2008|AA. Bibliography#Fortify 08]\] "Unsafe Mobile Code: Database Access"
\[[Gong 2003|AA. Bibliography#Gong 03]\] 9.4 Private Object State and Object Immutability
\[[MITRE 2009|AA. Bibliography#MITRE 09]\] [CWE-259|http://cwe.mitre.org/data/definitions/259.html] "Hard-Coded Password," [CWE-798|http://cwe.mitre.org/data/definitions/798.html] "Use of Hard-coded Credentials"

...