Member methods of non-final classes that perform security checks can be compromised when a malicious subclass overrides the methods and omits the checks. Consequently, such methods must be declared private or final to prevent overriding.
This noncompliant code example allows a subclass to override the readSensitiveFile() method and omit the required security check.
```java
public void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {  // Check for permission to read file
      sm.checkRead("/temp/tempFile");
    }
    // Access the file
  } catch (SecurityException se) {
    // Log exception
  }
}
```
This compliant solution prevents overriding of the readSensitiveFile() method by declaring it final.
```java
public final void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {  // Check for permission to read file
      sm.checkRead("/temp/tempFile");
    }
    // Access the file
  } catch (SecurityException se) {
    // Log exception
  }
}
```
This compliant solution prevents overriding of the readSensitiveFile() method by declaring it private.
```java
private void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {  // Check for permission to read file
      sm.checkRead("/temp/tempFile");
    }
    // Access the file
  } catch (SecurityException se) {
    // Log exception
  }
}
```
MET03-EX0: Classes that are declared final are exempt from this guideline because their member methods cannot be overridden.
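The following added example (not part of the original guideline) shows the override omitting the check, the `final` form that prevents it, and a reflection-based audit that also honors MET03-EX0. The class names, the `isOverridable` helper, and the `DENY_ALL` predicate standing in for `sm.checkRead()` are assumptions made so the program runs without an installed `SecurityManager`.

```java
import java.lang.reflect.Modifier;
import java.util.function.Predicate;
import java.util.function.Supplier;

public class OverrideBypassDemo {
  // Hypothetical stand-in for sm.checkRead(): this policy denies every path.
  static final Predicate<String> DENY_ALL = path -> false;
  static void check(Predicate<String> policy, String path) {
    if (!policy.test(path)) throw new SecurityException("read denied: " + path);
  }
  // Noncompliant shape: non-final class, overridable method carries the check.
  static class Reader {
    public String readSensitiveFile() {
      check(DENY_ALL, "/temp/tempFile");
      return "file contents";
    }
  }

  // An override that omits the check; callers holding a Reader reference run this body.
  static class UncheckedReader extends Reader {
    @Override public String readSensitiveFile() { return "file contents"; }
  }

  // Compliant shape: the method is final, so the override above would not compile.
  static class SafeReader {
    public final String readSensitiveFile() {
      check(DENY_ALL, "/temp/tempFile");
      return "file contents";
    }
  }

  // Audit helper: true if a subclass could override the named no-argument method.
  static boolean isOverridable(Class<?> c, String name) throws NoSuchMethodException {
    int m = c.getDeclaredMethod(name).getModifiers();
    return !Modifier.isFinal(c.getModifiers()) && !Modifier.isFinal(m)
        && !Modifier.isPrivate(m) && !Modifier.isStatic(m);
  }
  static String attempt(Supplier<String> call) {
    try { return call.get(); } catch (SecurityException e) { return "denied"; }
  }
  public static void main(String[] args) throws Exception {
    Reader r = new UncheckedReader();  // passed wherever a Reader is expected
    System.out.println("Reader:          " + attempt(new Reader()::readSensitiveFile));
    System.out.println("UncheckedReader: " + attempt(r::readSensitiveFile));
    System.out.println("SafeReader:      " + attempt(new SafeReader()::readSensitiveFile));
    System.out.println("Reader overridable?     " + isOverridable(Reader.class, "readSensitiveFile"));
    System.out.println("SafeReader overridable? " + isOverridable(SafeReader.class, "readSensitiveFile"));
  }
}
```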
Failure to declare a non-final class's method private or final affords the opportunity for a malicious subclass to bypass the security checks performed in the methods.
| Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MET03-J | medium | probable | medium | P8 | L2 |
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.