Page History

...

This noncompliant code example shows a Dimensions class that contains three internal attributes, the length, width, and height of a rectangular box. The getVolumePackage() method is designed to return the total volume required to hold the box , after accounting for packaging material, which further adds 2 units to the dimensions of each side. Non-positive Nonpositive values of the dimensions of the box (exclusive of packaging material) are rejected during input validation. No dimension can be larger than 10. Also, the weight of the object is passed in as an argument and cannot be more than 20 units.

...

protected int getVolumePackage(int weight) {
  length += PADDING;
  width  += PADDING;
  height += PADDING;
  try {
    if (length <= PADDING || width <= PADDING || height <= PADDING ||
      length > MAX_DIMENSION + PADDING || 
      width > MAX_DIMENSION + PADDING || 
      height > MAX_DIMENSION + PADDING || 
      weight <= 0 || weight > 20) {
      throw new IllegalArgumentException();
    }

    int volume = length * width * height; // 12 * 12 * 12 = 1728
    return volume;
  } catch (Throwable t) {
    MyExceptionReporter mer = new MyExceptionReporter();
    mer.report(t); // Sanitize
    return -1; // Non-positive error code
  } finally {
    // Revert back
    length -= PADDING; width -= PADDING; height -= PADDING; // Revert back
  }
}

Compliant Solution (Input Validation)

This compliant solution improves upon on the previous solution by performing input validation before modifying the state of the object. Note that the try block contains only those statements that could throw the exception; all others have been moved outside the try block.

...

This compliant solution avoids the need to modify the object. The object's state cannot be made inconsistent, and rollback is consequently unnecessary. This approach is preferred to solutions which that modify the object but may be infeasible for complex code.

protected int getVolumePackage(int weight) {
  try {
    if (length <= 0 || width <= 0 || height <= 0 ||
        length > MAX_DIMENSION || width > MAX_DIMENSION ||
        height > MAX_DIMENSION ||
        weight <= 0 || weight > 20) {
      throw new IllegalArgumentException(); // Validate first
    }
  } catch (Throwable t) { 
    MyExceptionReporter mer = new MyExceptionReporter();
    mer.report(t); // Sanitize
    return -1;
  }

  int volume = (length + PADDING) * (width + PADDING) *
               (height + PADDING);
  return volume;
}

...

Related Vulnerabilities

CVE-2008-0002 describes a vulnerability in several versions of Apache Tomcat. If an exception occurs during parameter processing, the program can be left in the context of the wrong request, which might allow remote attackers to obtain sensitive information. An exception can be triggered by disconnecting from Tomcat during this processing.

Related Guidelines

Bibliography

...