Member methods of non-final classes that perform security checks can be compromised when a malicious subclass overrides the methods and omits the checks. Consequently, such methods must be declared private or final to prevent overriding.
Noncompliant Code Example
This noncompliant code example allows a subclass to override the readSensitiveFile()
method and omit the required security check.
public void readSensitiveFile() { try { SecurityManager sm = System.getSecurityManager(); if (sm != null) { // Check for permission to read file sm.checkRead("/temp/tempFile"); } // Access the file } catch (SecurityException se) { // Log exception } }
Compliant Solution
This compliant solution prevents overriding of the readSensitiveFile()
method by declaring it final.
public final void readSensitiveFile() { try { SecurityManager sm = System.getSecurityManager(); if (sm != null) { // Check for permission to read file sm.checkRead("/temp/tempFile"); } // Access the file } catch (SecurityException se) { // Log exception } }
Compliant Solution
This compliant solution prevents overriding of the readSensitiveFile()
method by declaring it private.
private void readSensitiveFile() { try { SecurityManager sm = System.getSecurityManager(); if (sm != null) { // Check for permission to read file sm.checkRead("/temp/tempFile"); } // Access the file } catch (SecurityException se) { // Log exception } }
Exceptions
MET03-EX0: Classes that are declared final are exempt from this rule because their member methods cannot be overridden.
Risk Assessment
Failure to declare a non-final class's method private or final affords the opportunity for a malicious subclass to bypass the security checks performed in the method.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
MET03-J |
medium |
probable |
medium |
P8 |
L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="32adb397-d70d-4ebd-8c62-79f29f64ecd4"><ac:plain-text-body><![CDATA[ |
[[Ware 2008 |
AA. Bibliography#Ware 08]] |
]]></ac:plain-text-body></ac:structured-macro> |