If an exception is thrown while logging is in processprogress, the important data will not be logged unless special care is taken. This can lead to a multitude of vulnerabilities, either denial of service or ones that allow the attacker to conceal critical security exceptions by preventing them from being logged.
...
| Code Block | ||
|---|---|---|
| ||
import java.util.logging.Logger;
import java.io.FileReader;
import java.io.BufferedReader;
import java.io.FileNotFoundException;
public class ExceptionLog {
private String logMessage;
private static Logger theLogger = Logger.getLogger("ExceptionLog.class.getName()");
public static void main(String[] args) {
ExceptionLog log = new ExceptionLog();
//some security exception occurs here
log.logMessage("Security Exception has occurred!");
log.writeLog();
}
public void logMessage(String message) {
logMessage = message;
}
public void writeLog() {
theLogger.info("Starting to log");
try {
FileWriter FileReader frfw = new FileReaderFileWriter("log_file.txt"); //this can throw an exception and prevent logging
BufferedReaderBufferedWriter br = new BufferedReaderBufferedWriter(frfw);
} catch (FileNotFoundException fnefnf){ logMessage("File Not Found Exception!"); }
catch(IOException ie) { logMessage("IO Exception!"); }
System.err.println(logMessage);
//misses writing the original security exception to log file, as logMessage has changed
}
}
|
Compliant Solution
This compliant solution declares all statements that can possibly throw exceptions prior to performing any security critical operations. As a result other exceptions do not interfere with the exceptions that need to be logged. While this is a stringent requirement, it is necessary in cases where an exception can be deliberately thrown to conceal an attacker's tracks. The logging mechanism must be robust and should be able to detect and handle such phenomena. A slightly more expensive alternative is to support recursive logging.
...