Comment: Edited by NavBot (vkp) v1.0

Serialized objects can be altered unless they are protected using mechanisms such as sealing and signing (SEC16-J. Sign and seal sensitive objects before transit). If an attacker can alter the serialized form of an object, it becomes possible to modify the system resource that the serialized handle refers to. For example, an attacker may modify a serialized file handle to refer to an arbitrary file on the system. In the absence of a security manager, any operations that use the file handle will be carried out using the attacker-supplied file path and file name.

Noncompliant Code Example

This noncompliant code example declares a serializable File field in the class BadSer. The serialized form of the object exposes the file path, which can be altered in transit. When the object is deserialized, subsequent operations are performed using the altered path.

import java.io.File;
import java.io.FileNotFoundException;
import java.io.Serializable;

// Noncompliant: the File field (and therefore its path) is written to the stream.
final class BadSer implements Serializable {
  File f;
  public BadSer() throws FileNotFoundException {
    f = new File("c:\\filepath\\filename");
  }
}

Compliant Solution

This compliant solution shows a final class Ser that does not implement java.io.Serializable. Consequently, the File object cannot be serialized.

import java.io.File;
import java.io.FileNotFoundException;

// Compliant: Ser is not Serializable, so the File handle never reaches a stream.
final class Ser {
  File f;
  public Ser() throws FileNotFoundException {
    f = new File("c:\\filepath\\filename");
  }
}

Compliant Solution

This compliant solution declares the File field transient. Consequently, the file path is not written to the serialized form and cannot be altered there; after deserialization the field is null and must be re-established by the receiver.

import java.io.File;
import java.io.FileNotFoundException;
import java.io.Serializable;

// Compliant: the transient File field is skipped by default serialization.
final class Ser implements Serializable {
  transient File f;
  public Ser() throws FileNotFoundException {
    f = new File("c:\\filepath\\filename");
  }
}
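The following program is an added example written for this page; it is not part of the CERT rule or its code. It serializes two hypothetical classes that mirror the noncompliant BadSer (non-transient File) and the compliant transient Ser, and checks whether the file path is literally present in the resulting byte stream. The transient variant also shows the receiving side re-creating the handle from a trusted constant in readObject rather than from anything in the stream. The class names, the sample path "/tmp/example/data.txt" and the helper names are assumptions for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;

public class SerHandleDemo {
    // Constructed sample path; stands in for "c:\\filepath\\filename" on the page.
    static final String TRUSTED_PATH = "/tmp/example/data.txt";

    // Hypothetical class mirroring the noncompliant BadSer: File is not transient.
    static final class ExposedHandle implements Serializable {
        private static final long serialVersionUID = 1L;
        File f = new File(TRUSTED_PATH);
    }

    // Hypothetical class mirroring the compliant Ser: File is transient and is
    // rebuilt on the receiving side from a trusted constant, never from the stream.
    static final class HiddenHandle implements Serializable {
        private static final long serialVersionUID = 1L;
        transient File f = new File(TRUSTED_PATH);

        private void readObject(ObjectInputStream in)
                throws IOException, ClassNotFoundException {
            in.defaultReadObject();      // nothing about f is read here
            f = new File(TRUSTED_PATH);  // receiver decides the path, not the sender
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    static Object deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return ois.readObject();
        }
    }

    // java.io.File serializes its path as a String (modified UTF-8), so an ASCII path
    // shows up verbatim in the stream; decoding as ISO-8859-1 keeps every byte intact.
    static boolean streamContainsPath(byte[] bytes, String path) {
        return new String(bytes, StandardCharsets.ISO_8859_1).contains(path);
    }

    public static void main(String[] args) throws Exception {
        byte[] exposed = serialize(new ExposedHandle());
        byte[] hidden = serialize(new HiddenHandle());

        // Expected: true for the non-transient field, false for the transient one.
        System.out.println("path visible in ExposedHandle stream: "
                + streamContainsPath(exposed, TRUSTED_PATH));
        System.out.println("path visible in HiddenHandle stream:  "
                + streamContainsPath(hidden, TRUSTED_PATH));

        // The round-tripped HiddenHandle still has a usable File, but its path came
        // from TRUSTED_PATH on this side, so a modified stream cannot redirect it.
        HiddenHandle h = (HiddenHandle) deserialize(hidden);
        System.out.println("HiddenHandle.f after deserialization: " + h.f.getPath());
    }
}
```

Without the readObject override, the transient field is simply null after deserialization; the override is one way to restore it from a source the receiver controls. Either way the point of the rule holds: a path that is never written to the stream is a path an attacker cannot rewrite in the stream.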

Risk Assessment

Deserializing direct handles to system resources can allow the modification of the resources being referred to.

Rule     Severity  Likelihood  Remediation Cost  Priority  Level
SER10-J  high      probable    low               P18       L1

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[Sun 2006] "Serialization specification"
