Classes that implement the Externalizable
interface must provide the readExternal()
and writeExternal()
methods. These methods have package access or are public
, and so they can be called by trusted and hostile code alike. Consequently, programs must ensure that these methods execute only when intended, and that they cannot overwrite the internal state of objects at arbitrary points during program execution.
Noncompliant Code Example
This noncompliant code example allows any to reset the value of the object at any time, because the readExternal()
method is necessarily declared to be public and lacks protection against hostile callers.
Code Block | ||
---|---|---|
| ||
public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException { // Read instance fields this.name = (String)in.readObject(); this.UID = in.readInt(); //... } |
Compliant Solution
This compliant solution protects against race-conditions by synchronizing on a private lock object (see LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code). It also protects against multiple initialization through the use of a boolean flag that is set after the instance fields have been populated.
...
Note that this compliant solution is insufficient to protect sensitive data.
Risk Assessment
Failure to prevent the overwriting of externalizable objects can corrupt the state of the object.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
SER13-J | low | probable | low | P6 | L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8ef07d79968e3d64-142ce2be-405548f4-9524bcc9-19279ee6a398f73c88dd3654"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="eed7a317171951b4-0adace14-48694feb-92bb81cf-4e7373522a09c19a715cd909"><ac:plain-text-body><![CDATA[ | [[Sun 2006 | AA. Bibliography#Sun 06]] | "Serialization specification: A.7 Preventing Overwriting of Externalizable Objects" | ]]></ac:plain-text-body></ac:structured-macro> |
...