Applicability
Incorrectly assuming that a final reference causes the contents of the referenced object to
remain immutable can result in an attacker modifying an object that is believed to be immutable.
74. Use the serialization methods writeUnshared() and readUnshared() with care
When objects are serialized using the writeObject() method, each object is written to
the output stream only once. Invoking the writeObject() method on the same object a
second time places a back-reference to the previously serialized instance in the stream.
Correspondingly, the readObject() method produces at most one instance for each object
present in the input stream that was previously written by writeObject().
According to the Java API [API 2013], the writeUnshared() method

writes an "unshared" object to the ObjectOutputStream. This method is identical to
writeObject, except that it always writes the given object as a new, unique object
in the stream (as opposed to a back-reference pointing to a previously serialized
instance).
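The following program is an added example (not code from the guideline or its authors) that makes the two behaviours described above observable. It writes the same ArrayList twice with writeObject() and again with writeUnshared(), deserializes each stream, and compares object identity with ==. It also checks a point taken from the same Javadoc but not quoted above: the "new, unique object" rule applies only to the top-level object passed to writeUnshared(), so objects it references (here the list's single int[] element) are still written as shared back-references. The class name UnsharedDemo and the helper method names are the example's own choices.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.ArrayList;
import java.util.List;

public class UnsharedDemo {

    // Serializable, mutable payload: a list holding one mutable array.
    private static List<int[]> samplePayload() {
        List<int[]> list = new ArrayList<>();
        list.add(new int[] {1, 2, 3});
        return list;
    }

    // Write the same object twice with writeObject(); the second write is a
    // back-reference, so readObject() returns the same instance twice.
    static boolean sharedWritesYieldSameInstance() throws IOException, ClassNotFoundException {
        List<int[]> list = samplePayload();
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(list);
            oos.writeObject(list); // emitted as a handle to the first copy
        }
        try (ObjectInputStream ois = new ObjectInputStream(
                new ByteArrayInputStream(bos.toByteArray()))) {
            Object first = ois.readObject();
            Object second = ois.readObject();
            return first == second; // true: one instance, two references
        }
    }

    // Write the same object twice with writeUnshared(); each write is a fresh
    // copy, so readUnshared() returns two distinct (but equal) instances.
    static boolean unsharedWritesYieldDistinctInstances() throws IOException, ClassNotFoundException {
        List<int[]> list = samplePayload();
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeUnshared(list);
            oos.writeUnshared(list); // emitted again in full, no back-reference
        }
        try (ObjectInputStream ois = new ObjectInputStream(
                new ByteArrayInputStream(bos.toByteArray()))) {
            Object first = ois.readUnshared();
            Object second = ois.readUnshared();
            return first != second; // true: two separate list objects
        }
    }

    // The unshared rule covers only the top-level object. The int[] element is
    // written by ArrayList.writeObject() through the normal shared mechanism,
    // so both deserialized lists end up pointing at the SAME array.
    @SuppressWarnings("unchecked")
    static boolean nestedElementIsStillShared() throws IOException, ClassNotFoundException {
        List<int[]> list = samplePayload();
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeUnshared(list);
            oos.writeUnshared(list);
        }
        try (ObjectInputStream ois = new ObjectInputStream(
                new ByteArrayInputStream(bos.toByteArray()))) {
            List<int[]> first = (List<int[]>) ois.readUnshared();
            List<int[]> second = (List<int[]>) ois.readUnshared();
            // Mutating through one list is visible through the other.
            first.get(0)[0] = 99;
            return first.get(0) == second.get(0) && second.get(0)[0] == 99; // true
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("writeObject x2   -> same instance:      " + sharedWritesYieldSameInstance());
        System.out.println("writeUnshared x2 -> distinct instances: " + unsharedWritesYieldDistinctInstances());
        System.out.println("nested element   -> still shared:       " + nestedElementIsStillShared());
    }
}
```

The third check is the reason the guideline says "with care": switching a top-level write to writeUnshared() does not give the receiver a private copy of the whole object graph. Code that relies on deserialized objects being independent (for example, handing one copy to untrusted code and keeping the other) must defensively copy the referenced mutable sub-objects itself rather than assume writeUnshared()/readUnshared() did so.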