Versions Compared

Every serializable container class that has private mutable instance variables must defensively copy them in the readObject() method. An adversary can append extra references to those variables to generate a new byte stream. When deserialized, this byte stream allows the creation of a container instance whose internal variable references are attacker controllable. Consequently, the attacker can mutate the instance of the container class and violate its guarantees.

...

This compliant solution creates a defensive copy of the mutable Date object in the readObject() method.

private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
  ois.defaultReadObject();
  // defensively copy the mutable component
  date = new Date(date.getTime());
  // perform validation if necessary
}
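The following is an added example, not code from the CERT page: a hypothetical DateContainer class that applies the copy-then-validate pattern in readObject(), and a round trip that shows the deserialized instance's Date is independent of any other reference.

```java
import java.io.*;
import java.util.Date;

// Hypothetical container (assumed name) holding one mutable component.
public final class DateContainer implements Serializable {
    private static final long serialVersionUID = 1L;
    private Date date;  // not final: readObject() must be able to reassign it

    public DateContainer(Date date) {
        this.date = new Date(date.getTime());  // copy in, never store the caller's object
    }

    public Date getDate() {
        return new Date(date.getTime());       // copy out, never leak the internal object
    }

    private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
        ois.defaultReadObject();
        if (date == null) {
            throw new InvalidObjectException("date component missing from stream");
        }
        // Copy first, then validate the copy: a stream that shares this Date with
        // another object cannot change it after the check has passed.
        date = new Date(date.getTime());
        if (date.getTime() < 0) {
            throw new InvalidObjectException("date before the epoch is not allowed");
        }
    }

    // Serialize and deserialize one instance; returns true when the restored
    // instance keeps its value even though the original Date is mutated afterwards.
    public static boolean roundTripIsIndependent(Date original) throws IOException, ClassNotFoundException {
        DateContainer before = new DateContainer(original);
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(before);
        }
        DateContainer after;
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) {
            after = (DateContainer) ois.readObject();
        }
        long expected = before.getDate().getTime();
        original.setTime(0);               // mutate the caller's object
        after.getDate().setTime(0);        // mutate what the accessor handed out
        return after.getDate().getTime() == expected;
    }

    public static void main(String[] args) throws Exception {
        System.out.println(roundTripIsIndependent(new Date()));
    }
}
```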

...