...

```java
import java.util.Hashtable;

// Noncompliant: removeEntry() is public and performs no security check, so any
// code that can reach a SensitiveHash instance can delete entries from the table.
class SensitiveHash {
  Hashtable<Integer, String> ht = new Hashtable<Integer, String>();

  public void removeEntry(Object key) {
    ht.remove(key);
  }
}
```

...

```java
import java.util.Hashtable;

// Compliant: the sensitive operation is guarded by a SecurityManager check that
// throws SecurityException when the caller lacks the required permission.
class SensitiveHash {
  Hashtable<Integer, String> ht = new Hashtable<Integer, String>();

  void removeEntry(Object key) {
    check("removeKeyPermission");
    ht.remove(key);
  }

  private void check(String directive) {
    SecurityManager sm = System.getSecurityManager();
    // If no SecurityManager is installed, the check is skipped; the guard is only
    // as strong as the deployment's decision to run with a manager and a policy.
    if (sm != null) {
      // checkSecurityAccess(directive) is equivalent to
      // checkPermission(new SecurityPermission(directive))
      sm.checkSecurityAccess(directive);
    }
  }
}
```

...

```java
// Noncompliant: checkRead() can only express FilePermission(path, "read"). It gives
// no way to grant or deny "reading DTDs" as a distinct, fine-grained privilege.
SecurityManager sm = System.getSecurityManager();

if (sm != null) {  // check whether the file can be read
  sm.checkRead("/local/schema.dtd");
}
```

Compliant Solution

Two methods, checkPermission(Permission perm) and checkPermission(Permission perm, Object context), were added to the SecurityManager class in J2SE 1.2. The motivations for this change were manifold:

...

```java
// Compliant: a custom Permission class expresses exactly the privilege required.
// DTDPermission is an application-defined Permission subclass; its definition is
// not shown in this excerpt.
SecurityManager sm = System.getSecurityManager();

if (sm != null) {  // check whether the DTD may be read
  DTDPermission perm = new DTDPermission("/local/", "readDTD");
  sm.checkPermission(perm);
}
```

...

```java
import java.security.AccessControlContext;
import java.security.AccessController;

// Take a snapshot of the calling context (its protection domains) on the thread
// where the request originates, store it in acc, and pass it to the other context...
AccessControlContext acc = AccessController.getContext();

// ...then, in that other context (for example a worker thread), check the permission
// against the snapshot rather than against whatever is on the current stack.
acc.checkPermission(perm);
```
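The following is an added, runnable example (not code from the guideline itself) that ties the two compliant solutions above together: it defines a custom Permission subclass, as the DTDPermission solution does, guards the sensitive operation from the SensitiveHash solution with both the one-argument and the two-argument checkPermission() forms, and shows the AccessControlContext snapshot being checked on another thread. The class names RemoveKeyPermission and SensitiveHashDemo, the permission target "removeKey", and the sample table contents are this example's own inventions.

```java
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.BasicPermission;
import java.security.Permission;
import java.util.Hashtable;

// Hypothetical custom permission (named by this example, not by the guideline).
// BasicPermission supplies a name-based implies() with "*" wildcards, which is
// all a simple "may perform this action" permission needs.
final class RemoveKeyPermission extends BasicPermission {
    private static final long serialVersionUID = 1L;

    RemoveKeyPermission(String name) {
        super(name);
    }
}

final class SensitiveHash {
    private static final Permission REMOVE_KEY = new RemoveKeyPermission("removeKey");
    private final Hashtable<Integer, String> ht = new Hashtable<>();

    void putEntry(Integer key, String value) {
        ht.put(key, value);
    }

    String getEntry(Integer key) {
        return ht.get(key);
    }

    // One-argument form: checks the protection domains on the *current* call stack.
    void removeEntry(Integer key) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(REMOVE_KEY);   // throws SecurityException if not granted
        }
        ht.remove(key);
    }

    // Two-argument form (added in J2SE 1.2): checks a context captured earlier.
    // Use it when the operation runs on a thread other than the requester's; a pooled
    // worker created elsewhere carries its creator's context, not the requester's,
    // so checking the worker's own stack would test the wrong principal.
    void removeEntry(Integer key, AccessControlContext requester) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(REMOVE_KEY, requester);
        }
        ht.remove(key);
    }
}

public class SensitiveHashDemo {
    public static void main(String[] args) throws InterruptedException {
        SensitiveHash table = new SensitiveHash();
        table.putEntry(1, "constructed sample value");   // constructed sample data

        // Snapshot the requester's context here, on the requesting thread...
        AccessControlContext requester = AccessController.getContext();

        // ...and hand it to the worker that actually performs the removal.
        Thread worker = new Thread(() -> {
            try {
                table.removeEntry(1, requester);
                System.out.println("removed; entry 1 is now " + table.getEntry(1));
            } catch (SecurityException e) {
                System.out.println("denied: " + e.getMessage());
            }
        });
        worker.start();
        worker.join();
    }
}
```

Run it three ways to see the check do its job. With plain `java SensitiveHashDemo` no SecurityManager is installed, both checks are skipped, and the entry is removed. With `java -Djava.security.manager -Djava.security.policy=demo.policy SensitiveHashDemo` and a policy file containing `grant { permission RemoveKeyPermission "removeKey"; };` the removal is allowed; delete that grant line and the worker prints "denied". Note the caveat for current JDKs: the Security Manager was deprecated for removal in JDK 17 (JEP 411) and permanently disabled in JDK 24 (JEP 486), so on those releases this whole mechanism is a no-op and sensitive operations need a different authorization check.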

Risk Assessment

Failing to enforce security checks in code that performs sensitive operations can allow untrusted callers to tamper with sensitive data.

Guideline   Severity   Likelihood   Remediation Cost   Priority   Level
SEC08-J     high       probable     medium             P12        L1

Automated Detection

Identifying sensitive operations requires assistance from the programmer; fully automated identification of sensitive operations is beyond the current state of the art.

Given knowledge of which operations are sensitive and which security checks must be enforced for them, an automated tool could reasonably enforce the invariant that the sensitive operations are invoked only from contexts where the security checks have been performed.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

...