SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 4

changes.mady.by.user Dhruv Mohindra

Saved on

compared with

New Version 5

changes.mady.by.user Justin Pincar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by sciSpider Java v3.0 (sch jp)

...

As an example, the security manager denies applets all but the most essential privileges. The security manager is designed to protect inadvertent system modification, information leakage and user impersonation. From Java 2 Platform onwards, SecurityManager is a non-abstract class. Thus As a result there is no explicit requirement of overriding its methods. To use a security manager, the code must have the runtime permissions createSecurityManager (to instantiate SecurityManager and avoid certain information leakage) and setSecurityManager to install it.

...

Noncompliant Code Example

The worst form of non-compliance is not using the the security manager at all. Even when used, there can be cases where the appropriate checks are not installed. In the non-compliant noncompliant code that follows, a null value has been passed to the setSecurityManager method that is responsible for establishing a current instance of SecurityManager. Moreover, the checkPermission (or any check*) method has not been used.

...

Any Java program (bean, servlet or application) can instantiate a SecurityManager. However, for applications designed to run locally, an explicit flag must be set to enforce the SecurityManager policy. In the non-compliant noncompliant example highlighted below, this flag has not been used which circumvents all SecurityManager checks.

Code Block
bgColor#FFcccc
java application

Compliant Solution

This compliant solution demonstrates how a custom SecurityManager class called CustomSecurityManager can be activated by invoking its constructor with a password. Various check methods defined within the class can then be invoked to perform access checks. Alternatively, to use the default security manager change the active instance to java.lang.SecurityManager.

...

http://java.sun.com/j2se/1.3/docs/guide/security/PolicyFiles.html discusses writing policy files in good depth.

...

Risk Assessment

TODO

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SEC30-J

??

??

??

P??

L??

Automated Detection

TODO

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

(h2. Ref)erences

Default Policy Implementation and Policy File Syntax http://java.sun.com/j2se/1.3/docs/guide/security/PolicyFiles.html]
Enterprise Java Security: Building Secure J2EE Applications, 7.4 The Security Manager
Inside Java 2 Platform Security, 6.1 Security Manager