Java – 4 Security Vulnerabilities Related Coding Practices to Avoid---reference
- Executing a dynamically generated SQL statement
- Directly writing an Http Parameter to Servlet output
- Creating an SQL PreparedStatement from dynamic string
- Array is stored directly
Executing a Dynamically Generated SQL Statement
This is most common of all. One can find mention of this vulenrability at several places. As a matter of fact, many developers are also aware of this vulnerability, although this is a different thing they end up making mistakes once in a while. In several DAO classes, the instances such as following code were found which could lead to SQL injection attacks.
StringBuilder query = new StringBuilder(); |
Instead of above query, one could as well make use of prepared statement such as that demonstrated in the code below. It not only makes code less vulnerable to SQL injection attacks but also makes it more efficient.
StringBuilder query = new StringBuilder(); |
Directly writing an Http Parameter to Servlet Output
In Servlet classes, I found instances where the Http request parameter was written as it is, to the output stream, without any validation checks. Following code demonstrate the same:
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
Note that above code does not persist anything. Code like above may lead to what is called reflected (or non-persistent) cross site scripting (XSS) vulnerability. Reflected XSS occur when an attacker injects browser executable code within a single HTTP response. As it goes by definition (being non-persistent), the injected attack does not get stored within the application; it manifests only users who open a maliciously crafted link or third-party web page. The attack string is included as part of the crafted URI or HTTP parameters, improperly processed by the application, and returned to the victim. You could read greater details on following OWASP page on reflect XSS
Creating an SQL PreparedStatement from Dynamic Query String
What it essentially means is the fact that although PreparedStatement was used, but the query was generated as a string buffer and not in the way recommended for prepared statement (parametrized). If unchecked, tainted data from a user would create a String where SQL injection could make it behave in unexpected and undesirable manner. One should rather make the query statement parametrized and, use the PreparedStatement appropriately. Take a look at following code to identify the vulenarble code.
StringBuilder query = new StringBuilder(); |
Array is Stored Directly
Instances of this vulnerability, Array is stored directly, could help the attacker change the objects stored in array outside of program, and the program behave in inconsistent manner as the reference to the array passed to method is held by the caller/invoker. The solution is to make a copy within the object when it gets passed. In this manner, a subsequent modification of the collection won’t affect the array stored within the object. You could read the details on followingstackoverflow page. Following code represents the vulnerability:
// Note that values is a String array in the code below. |
reference from:http://vitalflux.com/java-4-security-vulnerabilities-related-coding-practices-avoid/
appendix:
There is a Sonar Violation:
Sonar Violation: Security - Array is stored directly
public void setMyArray(String[] myArray) {
this.myArray = myArray;
}
Solution:
public void setMyArray(String[] newMyArray) {
if(newMyArray == null) {
this.myArray = new String[0];
} else {
this.myArray = Arrays.copyOf(newMyArray, newMyArray.length);
}
}
It's complaining that the array you're storing is the same array that is held by the caller. That is, if the caller subsequently modifies this array, the array stored in the object (and hence the object itself) will change.
The solution is to make a copy within the object when it gets passed. This is called defensive copying. A subsequent modification of the collection won't affect the array stored within the object.
It's also good practice to normally do this when returning a collection (e.g. in a corresponding getMyArray() call). Otherwise the receiver could perform a modification and affect the stored instance.
Note that this obviously applies to all mutable collections (and in fact all mutable objects) - not just arrays. Note also that this has a performance impact which needs to be assessed alongside other concerns.
reference from:http://stackoverflow.com/questions/11580948/sonar-violation-security-array-is-stored-directly
Java – 4 Security Vulnerabilities Related Coding Practices to Avoid---reference的更多相关文章
- Java – Top 5 Exception Handling Coding Practices to Avoid
This article represents top 5 coding practices related with Java exception handling that you may wan ...
- Java Tips and Best practices to avoid NullPointerException
A NullPointerException in Java application is best way to solve it and that is also key to write rob ...
- Types of Security Vulnerabilities
1)内存空间安全.2)参量级别数据安全:3)通信级别数据安全:4)数据访问控制:5)通信对象身份确认. https://developer.apple.com/library/content/docu ...
- Java Basic&Security Tools
JDK Tools and Utilities Basic Tools These tools are the foundation of the JDK. They are the tools yo ...
- We found potential security vulnerabilities in your dependencies. Only the owner of this reposito...
删除package-lock.json并同步到git 定义的依赖项./package-lock.json具有已知的安全漏洞 找到一个叫做.gitignore,把package-lock.json贴在这 ...
- How Will Java Technology Change My Life?
How Will Java Technology Change My Life? We can't promise you fame, fortune, or even a job if you le ...
- BlackArch-Tools
BlackArch-Tools 简介 安装在ArchLinux之上添加存储库从blackarch存储库安装工具替代安装方法BlackArch Linux Complete Tools List 简介 ...
- Find out when memory leaks are a concern and how to prevent them
Handling memory leaks in Java programs Find out when memory leaks are a concern and how to prevent t ...
- malloc(50) 内存泄露 内存溢出 memory leak会最终会导致out of memory
https://en.wikipedia.org/wiki/Memory_leak In computer science, a memory leak is a type of resource l ...
随机推荐
- Oracle11G 数据库 expdp、impdp使用示例
expdp 备份数据库.expdp/impdp简单测试 操作系统层面创建目录 [root@Oracle11g ~]# mkdir -p /home/oracle/db_back/ 修改目录的所属用户. ...
- 【转】iOS6中的Auto Layout:通过代码添加约束
最近做的项目用到了Auto Layout,于是经过了一番大量的google,这是我看到的讲用代码创建约束最清晰的一篇教程,于是想跟更多的人分享一下.原文也比较简单,可以直接过去看,如果我翻译的 ...
- http请求的cookie
Cookie的作用: Cookie是用于维持服务端会话状态的,通常由服务端写入,在后续请求中,供服务端读取. HTTP请求,Cookie的使用过程 1.server通过HTTP Response中的& ...
- [个人原创]关于java中对象排序的一些探讨(三)
这篇文章由十八子将原创,转载请注明,并标明博客地址:http://www.cnblogs.com/shibazijiang/ 对对象排序也可以使用Guava中的Ordering类. 构造Orderin ...
- php中session的运行机制
在PHP中session默认是以文件的形式存储于服务器的 而客户端和服务端则是通过session_id来完成握手的,默认情况下PHP会将session_id存储于cookie中,用户每次请求时该ses ...
- input, textarea,监听输入事件
IE使用'propertychange'事件监听,其它浏览器使用'input'事件测试了IE7-10, Chrome, FF, 输入没有问题.♥但在IE9下, 删除, 回退, Ctrl+X 没有 ...
- Nginx配置文件nginx.conf详细说明
Nginx配置文件nginx.conf详细说明 #worker_processes 8; #worker_cpu_affinity 00000001 00000010 00000100 0000100 ...
- PHP图的绘制1
最近在学习php图的绘制,写的代码放上来,供自己以后学习查看: <?php //*函数说明: //这个函数返回的是 // resource imagecreate ( int $x_size , ...
- JQuery调用iframe父页面元素与方法
JQuery操作iframe父页面与子页面的元素与方法 下面简单使用Jquery来操作iframe的一些记录,这个使用纯JS也可以实现. 第一.在iframe中查找父页面元素的方法: $('#id', ...
- MVC linq语法分页
分页效果图: 表格下面的分页按钮样式是我自己做的一个样式,这4个按钮都是用同一张图片:这张图片是用ps做的. 接下来我们说一下怎么去做这个样式 第一css代码: ._HomePage,._Previo ...