Reino: Code Quality

Una mala calidad del código lleva a un comportamiento no predecible. Desde la perspectiva de un usuario, muchas veces también supone una usabilidad limitada. Pero para un atacante es una oportunidad para atacar al sistema de formas insospechadas.

Code Correctness: Class Does Not Implement Cloneable

Java/JSP

Abstract

Esta clase implementa un método clone(), pero no la interfaz Cloneable.

Explanation

Al parecer, el programador previó implementar para esta clase la interfaz Cloneable, ya que implementa un método llamado clone(). Sin embargo, la clase no implementa la interfaz Cloneable y el método clone() no se comportará correctamente.

Ejemplo 1: llamar clone() para esta clase dará lugar a una CloneNotSupportedException.


public class Kibitzer {
  public Object clone() throws CloneNotSupportedException {
    ...
  }
}

References

[1] Standards Mapping - CIS Azure Kubernetes Service Benchmark 1

[2] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark 5

[3] Standards Mapping - CIS Amazon Web Services Foundations Benchmark 1

[4] Standards Mapping - CIS Google Kubernetes Engine Benchmark normal

[5] Standards Mapping - Common Weakness Enumeration CWE ID 498

[6] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001094

[7] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-5 Denial of Service Protection (P1)

[8] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-5 Denial of Service Protection

[9] Standards Mapping - OWASP Top 10 2004 A9 Application Denial of Service

[10] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.9

[11] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP6080 CAT II

[12] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP6080 CAT II

[13] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP6080 CAT II

[14] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP6080 CAT II

[15] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP6080 CAT II

[16] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP6080 CAT II

[17] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP6080 CAT II

[18] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002400 CAT II

[19] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002400 CAT II

[20] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002400 CAT II

[21] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002400 CAT II

[22] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002400 CAT II

[23] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002400 CAT II

[24] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002400 CAT II

[25] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002400 CAT II

[26] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002400 CAT II

[27] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002400 CAT II

[28] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002400 CAT II

[29] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002400 CAT II

[30] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002400 CAT II

[31] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002400 CAT II

[32] Standards Mapping - Web Application Security Consortium Version 2.00 Denial of Service (WASC-10)

[33] Standards Mapping - Web Application Security Consortium 24 + 2 Denial of Service

desc.structural.java.code_correctness_class_does_not_implement_cloneable