...
This noncompliant code example allows a subclass to override the readSensitiveFile()
method and omit the required security check.
```java
public void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {  // Check for permission to read file
      sm.checkRead("/temp/tempFile");
    }
    // Access the file
  } catch (SecurityException se) {
    // Log exception
  }
}
```
...
This compliant solution prevents overriding of the readSensitiveFile()
method by declaring it final.
```java
public final void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {  // Check for permission to read file
      sm.checkRead("/temp/tempFile");
    }
    // Access the file
  } catch (SecurityException se) {
    // Log exception
  }
}
```
...
This compliant solution prevents overriding of the readSensitiveFile()
method by declaring it private.
```java
private void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {  // Check for permission to read file
      sm.checkRead("/temp/tempFile");
    }
    // Access the file
  } catch (SecurityException se) {
    // Log exception
  }
}
```
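The noncompliant and compliant shapes above, side by side, as an added example that is not part of the original rule text. It goes one step beyond the page by showing a `final` method that owns the check and delegates to an overridable hook, for cases where subclasses still need to customize the read. The class names, the `doRead()` hook and the `BooleanSupplier` policy (a stand-in for `sm.checkRead(...)`) are assumptions made for illustration.

```java
import java.util.function.BooleanSupplier;
import java.util.function.Supplier;

public class FinalCheckDemo {
    // Hypothetical stand-in for sm.checkRead(...): throws when the policy denies access.
    static void checkRead(BooleanSupplier policy) {
        if (!policy.getAsBoolean()) throw new SecurityException("read denied");
    }

    // Noncompliant shape: the check lives in an overridable method.
    static class OpenReader {
        protected final BooleanSupplier policy;
        OpenReader(BooleanSupplier policy) { this.policy = policy; }
        public String readSensitiveFile() {
            checkRead(policy);
            return "contents";
        }
    }

    // A subclass drops the check simply by overriding the method.
    static class CarelessReader extends OpenReader {
        CarelessReader(BooleanSupplier policy) { super(policy); }
        @Override public String readSensitiveFile() { return "contents"; }
    }

    // Compliant shape: the final method owns the check; subclasses may replace only the hook.
    static class GuardedReader {
        private final BooleanSupplier policy;
        GuardedReader(BooleanSupplier policy) { this.policy = policy; }
        public final String readSensitiveFile() {
            checkRead(policy);
            return doRead();
        }
        protected String doRead() { return "contents"; }
    }

    // Runs a read and reports a denial instead of propagating the exception.
    static String attempt(Supplier<String> read) {
        try { return read.get(); } catch (SecurityException se) { return "denied"; }
    }

    public static void main(String[] args) {
        BooleanSupplier denyAll = () -> false;  // constructed policy: nobody may read
        // Base class: the check runs before any access.
        System.out.println(attempt(new OpenReader(denyAll)::readSensitiveFile));
        // Overriding subclass: the check never runs.
        System.out.println(attempt(new CarelessReader(denyAll)::readSensitiveFile));
        // Subclass of the guarded class: the hook is replaced, the check still runs first.
        GuardedReader sub = new GuardedReader(denyAll) {
            @Override protected String doRead() { return "subclass contents"; }
        };
        System.out.println(attempt(sub::readSensitiveFile));
    }
}
```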
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MET03-J | medium | probable | medium | P8 | L2 |
Android Implementation Details
On Android, System.getSecurityManager() is not used and the use of a Security Manager is not exercised. However, an Android developer can implement security-sensitive methods so the principle may be applicable on Android.
Bibliography
IH.2.b.b. Declare methods that enforce SecurityManager checks final -- especially in non-final classes.