The bytecode verifier is an internal component of the JVM and is responsible for detecting non-confirming Java code. It ensures that the class file is in the proper format, that illegal type casts are not performed, and it prevents operand stack overflows or underflows. Users sometime assume that their code is safe and disable bytecode verification. This practice is extremely dangerous.
Noncompliant Code Example
The verification process is automatically initiated unless the -Xverify:none
flag is specified on the command line. This noncompliant example uses this flag.
java -Xverify:none application.java
Compliant Solution
Bytecode verification happens by default in most implementations. If it does not, the -Xverify:all
flag can be specified on the java
command line.
On Java 2 systems, classes loaded by the primordial class loader (that loads classes from the boot class path) are not required to perform bytecode verification. The verification is automatically performed when a class loader loads a class dynamically.
Risk Assessment
The code that is not subject to bytecode verification can bypass security checks that are normally expected to be performed by Java code.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
ENV34- J |
high |
likely |
low |
P27 |
L1 |
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[Oaks 01]] The Bytecode Verifier
[[Pistoia 04]] Section 7.3, The Class File Verifier
OBJ36-J. Provide mutable classes with a clone method 01. Platform Security (SEC) 02. Declarations and Initialization (DCL)