SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 20

changes.mady.by.user Dhruv Mohindra

Saved on

compared with

New Version 21

changes.mady.by.user Dhruv Mohindra

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This noncompliant code example errs by defining statements that can throw exceptions when logging is in process. It aims to log a security exception generated within main, however, ends up logging the FileNotFoundException because a careless administrator renamed the log file or a crafty attacker caused the logging mechanism to fail through network tampering. While this code is slightly convoluted, it is easy to fall prey to similar mistakes that can result in an important security exception from not being logged properly.

Code Block
bgColor#FFcccc
import java.util.logging.Logger;
import java.io.FileReader;
import java.io.BufferedReader;
import java.io.FileNotFoundException;

public class ExceptionLog {
  private String logMessage;
  private static Logger theLogger = Logger.getLogger("ExceptionLog.class.getName()");

  public static void main(String[] args) {
    ExceptionLog log = new ExceptionLog();
    //some security exception occurs here
    log.logMessage("Security Exception has occurred!");
    log.writeLog(); 
  }
  
  public void logMessage(String message) {
    logMessage = message;
  }
  
  public void writeLog() {
    theLogger.info("Starting to log");      
    try {
         FileWriter fw = new FileWriter("log_file.txt");  //this can throw an exception and prevent logging 
          BufferedWriter br = new BufferedWriter(fw);
    } catch (FileNotFoundException fnf){ logMessage("File Not Found Exception!"); }
      catch(IOException ie) { logMessage("IO Exception!"); }          
    System.err.println(logMessage);    
    //misses writing the original security exception to log file, as logMessage has changed
  }
}

...

This compliant solution declares all statements that can possibly throw exceptions prior to performing any security critical operations. As a result, other exceptions do not interfere with the exceptions that need to be logged. While this is a stringent requirement, it is necessary in cases where an exception can be deliberately thrown to conceal an attacker's tracks. The logging mechanism must be robust and should be able to detect and handle such phenomena.

Code Block
bgColor#ccccff

import java.util.logging.Logger;
import java.io.BufferedWriter;
import java.io.FileWriter;
import java.io.FileNotFoundException;
import java.io.IOException;

public class ExceptionLog {
  private static String logMessage;
	
  private static Logger theLogger =
    Logger.getLogger("ExceptionLog.class.getName()");

  public static void main(String[] args) {
    ExceptionLog log = new ExceptionLog();
    FileWriter fw=null;
    BufferedWriter bw=null;
    try {
      fw = new FileWriter("log_file.txt");  //this can throw an exception, but security exception is still logged 
      bw = new BufferedWriter(fw);
    }catch (FileNotFoundException fne){ logMessage("File Not Found Exception!"); } 
     catch (IOException e) { logMessage("IO Exception!"); }
          
    //some security exception occurs here
    log.logMessage("Security Exception has occurred!");
    log.writeLog(bw); 
  }
  
  public static void logMessage(String message) {
    logMessage = message;
  }
  
  public void writeLog(BufferedWriter bw) {
    theLogger.info("Starting to log");      
    // log to file  
    System.err.println(logMessage);    
  }
}

...