
...

This noncompliant example derives some of its functional behavior from the implementation of the class java.lang.StringBuffer prior to JDK v1.5. A SensitiveClass class is defined that contains a character array used internally to hold a filename, and a Boolean shared variable. When a client requests a String instance by invoking the get() method, the shared flag is set. Operations that can modify the array are subsequently prohibited, in order to remain consistent with the returned String object. Consequently, the replace() method, which is designed to replace all elements of the array with an 'x', cannot execute normally when the flag is set. Java's cloning feature provides a way to illegally work around this constraint even though SensitiveClass does not implement the Cloneable interface: a subclass that declares itself Cloneable inherits Object.clone(), and the resulting shallow copy shares the character array while carrying its own, still unset, shared flag.

...

Sensitive classes should not implement the Cloneable interface. If the class extends a superclass that implements Cloneable (and is consequently cloneable itself), its clone() method should throw a CloneNotSupportedException. This exception must be caught and handled by the client code. A sensitive class that does not implement Cloneable must also follow this advice, because a subclass could otherwise make it cloneable.
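The hardening the recommendation describes, as an added example that is not the rule page's own code: SensitiveClass keeps the get()/replace()/shared protocol described above (the method bodies are assumptions) and declares a final clone() that always throws, so the hypothetical CloneableSubclass cannot obtain a shallow copy even though it implements Cloneable.

```java
import java.util.Arrays;

// Added example, not the rule page's code; method bodies are assumptions.
class SensitiveClass {
    private final char[] filename;  // state a shallow clone would share
    private boolean shared = false; // set once a String view is handed out

    SensitiveClass(String filename) {
        this.filename = filename.toCharArray();
    }

    // Refuse cloning although the class does not implement Cloneable. It is
    // final so no Cloneable subclass can override it and reach Object.clone().
    @Override
    public final Object clone() throws CloneNotSupportedException {
        throw new CloneNotSupportedException("SensitiveClass is not cloneable");
    }

    synchronized String get() {
        if (shared) {
            throw new IllegalStateException("filename already shared");
        }
        shared = true;
        return String.valueOf(filename);
    }

    synchronized void replace() {
        if (!shared) {  // prohibited once a String view exists
            Arrays.fill(filename, 'x');
        }
    }
}

// Hypothetical subclass that declares itself Cloneable; it cannot override
// clone() because the superclass made it final, so the guard still applies.
class CloneableSubclass extends SensitiveClass implements Cloneable {
    CloneableSubclass(String filename) { super(filename); }
}

public class CloneGuardDemo {
    public static void main(String[] args) {
        SensitiveClass s = new CloneableSubclass("file.txt");
        try {
            s.clone();  // dispatches to SensitiveClass.clone()
            System.out.println("UNEXPECTED: clone succeeded");
        } catch (CloneNotSupportedException e) {
            System.out.println("clone refused: " + e.getMessage());
        }
    }
}
```

Compile and run as CloneGuardDemo.java; the client code must handle the checked CloneNotSupportedException, as the recommendation requires.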

...

Recommendation  Severity  Likelihood  Remediation Cost  Priority  Level
MSC37-J         medium    probable    medium            P8        L2

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.


...