...
The compliant solution correctly implements security manager checks in all constructors, methods that can modify internal state and methods that retrieve internal state. As a result, an attacker cannot create an instance of the object with modified state (using deserialization) and cannot simply read the serialized byte stream to uncover sensitive data (using serialization).
| Code Block | ||
|---|---|---|
| ||
import java.io.Serializable; import java.io.ObjectInputStream; import java.io.ObjectOutputStream; public final class SecureCreditCard implements java.io.Serializable { //private internal state private String credit_card; private static final String DEFAULT = "DEFAULT"; public SecureCreditCard() { //initialize credit_card to default value credit_card = DEFAULT; } //allows callers to modify (private) internal state public void changeCC(String newCC) { if (credit_card.equals(newCC)) { // no change return; } else { // check permissions to modify credit_card performSecurityManagerCheck(); validateInput(newCC); credit_card = newCC; } } // readObject correctly enforces checks during deserialization private void readObject(java.io.ObjectInputStream in) { in.defaultReadObject(); // if the deserialized name does not match the default value normally // created at construction time, duplicate the checks if (!DEFAULT.equals(credit_card)) { performSecurityManagerCheck(); validateInput(credit_card); } } // allows callers to retrieve internal state public String getValue() { // check permission to get value performSecurityManagerCheck(); return somePublicValue; } // writeObject correctly enforces checks during serialization private void writeObject(java.io.ObjectOutputStream out) { // duplicate check from getValue() performSecurityManagerCheck(); out.writeObject(credit_card); } } |
...