CWE-498 Cloneable Class Containing Sensitive Information

Posted by admin on 2021-12-16 16:45:49


Structure: Simple

Abstraction: Variant

Status: Draft

Likelihood of Exploit: Medium

Description

The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning the class.

Extended Description

Cloneable classes are effectively open classes, since data cannot be hidden in them. Classes that do not explicitly deny cloning can be cloned by any other class without running the constructor.

Related Weaknesses

  • ChildOf CWE-664 (View 1000, Primary)

  • CanPrecede CWE-200 (View 1000)

  • CanPrecede CWE-200 (View 699)

Applicable Platforms

Languages: C++ (prevalence undetermined), Java (prevalence undetermined), C# (prevalence undetermined)

Common Consequences

Scope: Access Control
Impact: Bypass Protection Mechanism
Note: A class that can be cloned can be produced without executing the constructor. This is dangerous since the constructor may perform security-related checks. By allowing the object to be cloned, those checks may be bypassed.

Potential Mitigations

Phase: Implementation

If you do make your classes cloneable, ensure that your clone method is final and throw super.clone().

Demonstrative Examples

The following example demonstrates the weakness.

Bad code (Java):

    public class CloneClient {

        // The original listing commented out the opening brace together with the
        // throws clause; Teacher.clone() does not declare CloneNotSupportedException,
        // so no throws clause is needed here.
        public CloneClient() {
            Teacher t1 = new Teacher("guddu", "22,nagar road");
            //...
            // Do some stuff to remove the teacher.
            Teacher t2 = (Teacher) t1.clone();   // copy made without running the constructor
            System.out.println(t2.name);
        }

        public static void main(String args[]) {
            new CloneClient();
        }
    }

    class Teacher implements Cloneable {

        // Public clone() lets any caller duplicate the object, fields and all.
        public Object clone() {
            try {
                return super.clone();
            } catch (java.lang.CloneNotSupportedException e) {
                throw new RuntimeException(e.toString());
            }
        }

        public String name;
        public String clas;

        public Teacher(String name, String clas) {
            this.name = name;
            this.clas = clas;
        }
    }

Make classes uncloneable by defining a clone function like:

Good code (Java):

    public final Object clone() throws java.lang.CloneNotSupportedException {
        // Object.clone() returns Object, so the override must as well;
        // a void return type would not compile.
        throw new java.lang.CloneNotSupportedException();
    }
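The constructor bypass described in the Extended Description and the mitigation above, carried through as an added example (this is not code from the CWE entry; the class names Credential and LockedCredential and the sample secret are made up): the constructor's check runs once, the clone receives the secret without it, and the hardened class refuses to be cloned.

```java
// Added example, not from the CWE entry. Credential / LockedCredential are hypothetical names.
public class CloneDemo {

    // Vulnerable: a public clone() copies every field, including the secret,
    // without re-running the constructor and whatever checks it performs.
    static class Credential implements Cloneable {
        static int constructed = 0;       // counts constructor executions
        private final String secret;

        Credential(String secret) {
            // Stand-in for a security check that only the constructor performs.
            if (secret == null) throw new IllegalArgumentException("secret required");
            constructed++;
            this.secret = secret;
        }

        @Override
        public Object clone() {
            try {
                return super.clone();     // shallow copy, constructor is skipped
            } catch (CloneNotSupportedException e) {
                throw new RuntimeException(e);
            }
        }

        String secret() { return secret; }
    }

    // Hardened per the mitigation: the class does not implement Cloneable and
    // its final clone() refuses, so no subclass or caller can obtain a copy.
    static final class LockedCredential {
        private final String secret;
        LockedCredential(String secret) { this.secret = secret; }

        @Override
        public final Object clone() throws CloneNotSupportedException {
            throw new CloneNotSupportedException("LockedCredential is not cloneable");
        }
    }

    public static void main(String[] args) {
        Credential c = new Credential("s3cr3t");          // constructed sample value
        Credential copy = (Credential) c.clone();
        System.out.println("constructor executions: " + Credential.constructed);
        System.out.println("clone holds same secret: " + copy.secret().equals(c.secret()));

        LockedCredential locked = new LockedCredential("s3cr3t");
        try {
            locked.clone();
        } catch (CloneNotSupportedException e) {
            System.out.println("clone refused: " + e.getMessage());
        }
    }
}
```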

Taxonomy Mappings

Mapped Taxonomy Name: CLASP
Mapped Node Name: Information leak through class cloning

Mapped Taxonomy Name: The CERT Oracle Secure Coding Standard for Java (2011)
Node ID: OBJ07-J
Mapped Node Name: Sensitive classes must not let themselves be copied

Mapped Taxonomy Name: Software Fault Patterns
Node ID: SFP23
Mapped Node Name: Exposed Data

Article source (Internet): scap中文网

Original link (CN-SEC中文网): https://cn-sec.com/archives/612981.html