SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 29 Next »

Member methods of non-final classes that perform security checks can be compromised when a malicious subclass overrides the methods and omits the checks. Consequently, such methods must be declared private or final to prevent overriding.

Noncompliant Code Example

This noncompliant code example allows a subclass to override the readSensitiveFile() method and omit the required security check.

public void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {  // Check for permission to read file
      sm.checkRead("/temp/tempFile");
    } 
    // Access the file
  } catch (SecurityException se) { 
    // Log exception  
  }
}

Compliant Solution

This compliant solution prevents overriding of the readSensitiveFile() method by declaring it final.

public final void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {  // Check for permission to read file
      sm.checkRead("/temp/tempFile");
    } 
    // Access the file
  } catch (SecurityException se) { 
    // Log exception 
  }
}

Compliant Solution

This compliant solution prevents overriding of the readSensitiveFile() method by declaring it private.

private void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {  // Check for permission to read file
      sm.checkRead("/temp/tempFile");
    } 
    // Access the file
  } catch (SecurityException se) { 
    // Log exception 
  }
}

Exceptions

MET03-EX0: Classes that are declared final are exempt from this guideline because their member methods cannot be overridden.

Risk Assessment

Failure to declare a non-final class's method private or final affords the opportunity for a malicious subclass to bypass the security checks performed in the methods.

Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

MET03-J

medium

probable

medium

P8

L2

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Bibliography

[[Ware 2008]]

MET02-J. Never use assertions to validate method parameters      05. Methods (MET)      MET04-J. Ensure that constructors do not call overridable methods

  • No labels