CWE-498: Cloneable Class Containing Sensitive Information

Structure: Simple

Abstraction: Variant

Status: Draft

Likelihood of Exploit: Medium

Description

The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning the class.

Extended Description

Cloneable classes are effectively open classes, since data cannot be hidden in them. A class that does not explicitly refuse cloning can be copied by any other class that can reach an instance, and the copy is produced without running the constructor.

Related Weaknesses

  • ChildOf CWE-664 (View 1000, Primary)

  • CanPrecede CWE-200 (View 1000)

  • CanPrecede CWE-200 (View 699)

Applicable Platforms

Languages: C++ (Prevalence: Undetermined), Java (Prevalence: Undetermined), C# (Prevalence: Undetermined)

Common Consequences

Scope: Access Control

Impact: Bypass Protection Mechanism

Notes: A class that can be cloned can be produced without executing the constructor. This is dangerous since the constructor may perform security-related checks. By allowing the object to be cloned, those checks may be bypassed.

Potential Mitigations

Phase: Implementation

Strategy: If you do make your classes cloneable, declare your clone() method final and have it return super.clone().

Demonstrative Examples

The following example demonstrates the weakness.

Bad code (Java):

public class CloneClient {
    public CloneClient() {
        Teacher t1 = new Teacher("guddu", "22,nagar road");
        //...
        // Do some stuff to remove the teacher.
        // The copy is produced by Object.clone(): Teacher's constructor never runs for t2.
        Teacher t2 = (Teacher) t1.clone();
        System.out.println(t2.name);
    }

    public static void main(String args[]) {
        new CloneClient();
    }
}

// Teacher holds data but is Cloneable with a public clone(), so any caller
// holding a reference can copy it.
class Teacher implements Cloneable {
    public String name;
    public String clas;

    public Teacher(String name, String clas) {
        this.name = name;
        this.clas = clas;
    }

    public Object clone() {
        try {
            return super.clone();
        } catch (java.lang.CloneNotSupportedException e) {
            throw new RuntimeException(e.toString());
        }
    }
}

Make classes uncloneable by defining a clone method like the following (the return type must be Object, because Object.clone() returns Object and a void override does not compile):

Good code (Java):

public final Object clone() throws java.lang.CloneNotSupportedException {
    throw new java.lang.CloneNotSupportedException();
}
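The following self-contained Java program is an added example, not code from the CWE entry or from CERT. It shows the consequence described under Common Consequences (a copy obtained through clone() never runs the constructor, so a constructor-time check is skipped) next to the mitigation above (a final clone() that always refuses). The class names Credential and SealedCredential, the constructorChecks counter and the secret string are constructed for this example.

```java
// Added example for CWE-498 (hypothetical names; not from the CWE entry).
public class Cwe498Demo {

    // Vulnerable shape: Cloneable with a public clone(). The constructor runs
    // once for the original object and never for any copy made via clone().
    static class Credential implements Cloneable {
        private final String secret;
        static int constructorChecks = 0;   // counts how often the check below ran

        Credential(String secret) {
            constructorChecks++;            // stands in for an authorization check
            this.secret = secret;
        }

        String getSecret() { return secret; }

        @Override
        public Object clone() {
            try {
                return super.clone();       // Object.clone(): field-by-field copy, no constructor
            } catch (CloneNotSupportedException e) {
                throw new AssertionError(e);
            }
        }
    }

    // Hardened shape (the mitigation from the entry): clone() is final and
    // always throws, so neither this class nor a subclass can be copied
    // through the Cloneable mechanism.
    static class SealedCredential {
        private final String secret;

        SealedCredential(String secret) { this.secret = secret; }

        String getSecret() { return secret; }

        @Override
        public final Object clone() throws CloneNotSupportedException {
            throw new CloneNotSupportedException();
        }
    }

    public static void main(String[] args) {
        // Constructed sample value; nothing here is a real credential.
        Credential c1 = new Credential("constructed-secret-value");
        Credential c2 = (Credential) c1.clone();
        System.out.println("constructor ran " + Credential.constructorChecks
                + " time(s); the clone still holds: " + c2.getSecret());

        SealedCredential s = new SealedCredential("constructed-secret-value");
        try {
            s.clone();
            System.out.println("unexpected: clone succeeded");
        } catch (CloneNotSupportedException e) {
            System.out.println("clone refused: " + e.getClass().getSimpleName());
        }
    }
}
```

Running it prints that the Credential constructor ran once while the clone carries the secret, and that cloning SealedCredential is refused. The same refusal would apply to any subclass of SealedCredential, because a final clone() cannot be overridden to reach Object.clone().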

Taxonomy Mappings

Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
CLASP | | | Information leak through class cloning
The CERT Oracle Secure Coding Standard for Java (2011) | OBJ07-J | | Sensitive classes must not let themselves be copied
Software Fault Patterns | SFP23 | | Exposed Data