SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 78

changes.mady.by.user Shannon Haas

Saved on

compared with

New Version Current

changes.mady.by.user Jon O'Donnell

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Exceptions that are thrown while logging is in progress can prevent successful logging unless special care is taken. Failure to account for exceptions during the logging process can cause security vulnerabilities, such as allowing an attacker to conceal critical security exceptions by preventing them from being logged. Consequently, programs must ensure that data logging continues to operate correctly even when exceptions are thrown during the logging process.

...

This noncompliant code example writes a critical security exception to the standard error stream. :

Code Block
bgColor#FFcccc

try {
  // ...
} catch (SecurityException se) {
  System.err.println(ese);
  // Recover from exception
}

Writing such exceptions to the standard error stream is inadequate for logging purposes. First, the standard error stream may be exhausted or closed, preventing recording of subsequent exceptions. Second, the trust level of the standard error stream may be insufficient for recording certain security-critical exceptions or errors without leaking sensitive information. If an I/O error occurs were to occur while writing the security exception, the catch block will would throw an IOException and the critical security exception will would be lost. Finally, an attacker may disguise the exception so that it occurs with several other innocuous exceptions.

Similarly, using Using Console.printf(), System.out.print*(), or Throwable.printStackTrace() to output a security exception also constitutes a violation of this rule.

...

This compliant solution uses java.util.logging.Logger, the default logging API provided by JDK 1.4 and later. Use of other compliant logging mechanisms, such as log4j, is also permitted.

Code Block
bgColor#ccccff

try {
  // ...
} catch(SecurityException se) {
  logger.log(Level.SEVERE, se);
  // Recover from exception
}

...

Exceptions thrown during data logging can cause loss of data and can conceal security problems.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

ERR02-J

medium

Medium

likely

Likely

high

High

P6

L2

Automated Detection

ToolVersionChecker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

JAVA.DEBUG.LOG

Debug Warning (Java)

SonarQube
Include Page
SonarQube_V
SonarQube_V
S106Standard outputs should not be used directly to log anything


Related Vulnerabilities

HARMONY-5981

Bibliography

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d831221e-d0ab-4d99-97da-4bc991094413"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

[Class Logger

http://java.sun.com/javase/6/docs/api/java/util/logging/Logger.html]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8aa518b2-68b4-4e5f-be5a-29c932ce5c78"><ac:plain-text-body><![CDATA[

[[JLS 2005

AA. Bibliography#JLS 05]]

[Chapter 11, Exceptions

http://java.sun.com/docs/books/jls/third_edition/html/exceptions.html]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="13b7276e-d94b-4e9a-ba45-ae2d996696b6"><ac:plain-text-body><![CDATA[

[[Ware 2008

AA. Bibliography#Ware 08]]

 

]]></ac:plain-text-body></ac:structured-macro>

describes a vulnerability in the HARMONY implementation of Java. In this implementation, the FileHandler class can receive log messages, but if one thread closes the associated file, a second thread will throw an exception when it tries to log a message.

Bibliography

[API 2014]

Class Logger

[JLS 2015]

Chapter 11, "Exceptions"

[Ware 2008]



...

Image Added Image Added Image Removed      06. Exceptional Behavior (ERR)