界: Encapsulation
封装即绘制强边界。在 Web 浏览器中,这可能意味着确保您的移动代码不会被其他移动代码滥用。在服务器上,这可能意味着区分已验证数据和未验证数据、区分一个用户的数据和另一个用户的数据,或者区分允许用户查看的数据和不允许用户查看的数据。
Unsafe Mobile Code: Public finalize() Method
Abstract
该程序违反了移动代码的安全编码原则,它将
finalize() 方法声明为 public。Explanation
除非在
例 1:以下 Java Applet 代码错误地声明了一种
移动代码,在本例中也就是 Java Applet,通过网络进行传递并在远程机器上运行。因为移动代码的编写者很难控制其所编写代码的运行环境,所以在安全上提出特别的要求理所当然。一个最大的环境威胁在于,移动代码可以伴随其他潜在的恶意移动代码一起运行。因为所有的主流 web 浏览器会在同一 JVM 中执行来自多个来源的代码,所以,许多移动代码的安全指导原则都很关注可以访问到运行着您程序的同一虚拟机的攻击者,避免他们操纵您的对象的状态和行为。
finalize() 的实现方法内部调用 super.finalize(),否则请不要显式地调用 finalize。在移动代码中,手动垃圾回收这种带有错误倾向的操作会威胁到系统的安全,由于 finalize() 的声明中包含对 public 访问,因此会造成攻击者的恶意调用。如果您按其最初设计使用 finalize(),则应首先声明 finalize() 包含 protected 访问权限。例 1:以下 Java Applet 代码错误地声明了一种
public finalize() 方法。
public final class urlTool extends Applet {
public void finalize() {
...
}
...
}
移动代码,在本例中也就是 Java Applet,通过网络进行传递并在远程机器上运行。因为移动代码的编写者很难控制其所编写代码的运行环境,所以在安全上提出特别的要求理所当然。一个最大的环境威胁在于,移动代码可以伴随其他潜在的恶意移动代码一起运行。因为所有的主流 web 浏览器会在同一 JVM 中执行来自多个来源的代码,所以,许多移动代码的安全指导原则都很关注可以访问到运行着您程序的同一虚拟机的攻击者,避免他们操纵您的对象的状态和行为。
References
[1] G. McGraw Securing Java. Chapter 7: Java Security Guidelines
[2] MET12-J. Do not use finalizers CERT
[3] Standards Mapping - Common Weakness Enumeration CWE ID 583
[4] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-000213, CCI-002165
[5] Standards Mapping - NIST Special Publication 800-53 Revision 4 AC-3 Access Enforcement (P1)
[6] Standards Mapping - NIST Special Publication 800-53 Revision 5 AC-3 Access Enforcement
[7] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.8
[8] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.8
[9] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.8
[10] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.8
[11] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[12] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0.1 Requirement 6.2.4
[13] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 5.4 - Authentication and Access Control
[14] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 5.4 - Authentication and Access Control
[15] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 5.4 - Authentication and Access Control, Control Objective C.2.3 - Web Software Access Controls
[16] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-000460 CAT I, APSC-DV-000470 CAT II
[17] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-000460 CAT I, APSC-DV-000470 CAT II
[18] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-000460 CAT I, APSC-DV-000470 CAT II
[19] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-000460 CAT I, APSC-DV-000470 CAT II
[20] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-000460 CAT I, APSC-DV-000470 CAT II
[21] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-000460 CAT I, APSC-DV-000470 CAT II
[22] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-000460 CAT I, APSC-DV-000470 CAT II
[23] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-000460 CAT I, APSC-DV-000470 CAT II
[24] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-000460 CAT I, APSC-DV-000470 CAT II
[25] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-000460 CAT I, APSC-DV-000470 CAT II
[26] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-000460 CAT I, APSC-DV-000470 CAT II
[27] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-000460 CAT I, APSC-DV-000470 CAT II
[28] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-000460 CAT I, APSC-DV-000470 CAT II
[29] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-000460 CAT I, APSC-DV-000470 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-000460 CAT I, APSC-DV-000470 CAT II
[31] Standards Mapping - Web Application Security Consortium Version 2.00 Insufficient Authorization (WASC-02)
desc.structural.java.unsafe_mobile_code_public_finalize_method