...
At a later date, the maintainer of the Account class added a new method called overdraft(). However, the BankAccount class maintainer was unaware of the change. Consequently, the client application became vulnerable to malicious invocations. For example, the overdraft() method could be invoked directly on a BankAccount object, avoiding the security checks that should have been present. The following noncompliant code example shows this vulnerability:
| Code Block | ||
|---|---|---|
| ||
private class Account {
// Maintains all banking-related data such as account balance
private double balance = 100;
boolean overdraft() {
balance += 300; // Add 300 in case there is an overdraft
System.out.println("Added back-up amount. The balance is :"
+ balance);
return true;
}
// Other Account methods
}
public class BankAccount extends Account {
// Subclass handles authentication
// NOTE: unchanged from previous version
// NOTE: lacks override of overdraft method
}
public class Client {
public static void main(String[] args) {
Account account = new BankAccount();
// Enforce security manager check
boolean result = account.withdraw(200.0);
if (!result) {
result = account.overdraft();
}
System.out.println("Withdrawal successful? " + result);
}
}
|
...
Modifying a superclass without considering the effect on subclasses can introduce vulnerabilities. Subclasses that are developed without awareness of the superclass implementation can be subject to erratic behavior, resulting in inconsistent data state and mismanaged control flow.
...
Secure Coding Guidelines for the Java Programming LanguageSE, Version 35.0 | Guideline 1-3. 4-6 / EXTEND-6: Understand how a superclass can affect subclass behavior |
...