SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 44

changes.mady.by.user Robert Seacord

Saved on

compared with

New Version 45

changes.mady.by.user Robert Seacord

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

When defensive copying is necessary, make the defensive copies before parameter validation; validate the copies rather than the original parameters. See guideline SER07-J. Make defensive copies of private mutable components for additional information.

Noncompliant Code Example

In this noncompliant code example, setState() and useState() fail to validate their parameters. A malicious caller could pass an invalid state to the library, consequently corrupting it and exposing a vulnerability.

...

Such vulnerabilities are particularly severe when the internal state references sensitive or system-critical data.

Compliant Solution

This compliant solution validates the method parameters and also verifies the internal state before use. This promotes consistency in program execution and reduces potential for vulnerabilities.

Code Block
bgColor#ccccff
private Object myState = null;

// Sets some internal state in the library 
void setfile(Object state) {
  if (state == null) {
    // Handle null state 
  }

  // Defensive copy here when state is mutable

  if (isInvalidState(state)) {
    // Handle invalid state 
  }
  myState = state;
}

// Performs some action using the state passed earlier 
void useState() {
  if (myState == null) {
    // Handle no state (e.g. null) condition
  }
  // ...
}

Exceptions

MET02MET01-EX0: Parameter validation inside a method may be omitted when the stated contract of a method requires that the caller must validate arguments passed to the method. In this case, the validation must be performed by the caller for all invocations of the method.

MET02MET01-EX1: Parameter validation may be omitted for parameters whose type adequately constrains the state of the parameter. This constraint should be clearly documented in the code.

MET02MET01-EX2: Complete validation of all parameters of all methods may introduce added cost and complexity that exceeds its value for all but the most critical code. See, for example, NUM00-J. Detect or prevent integer overflow exception NUM00-EX2. In such cases, consider parameter validation at API boundaries, especially those that may involve interaction with untrusted code.

Risk Assessment

Failure to validate method parameters can result in inconsistent computations, runtime exceptions, and control flow vulnerabilities.

Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

MET02 MET01-J

medium

probable

medium

P8

L2

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Bibliography

Wiki Markup
\[[Bloch 2008|AA. Bibliography#Bloch 08]\] Item 38: Check parameters for validity

...