Cloneable Class Containing Sensitive Information

Status: Draft
Abstraction: Variant
Structure: Simple
Description

The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning the class.

Extended Description

Cloneable classes are effectively open classes, since data cannot be hidden in them. Classes that do not explicitly deny cloning can be cloned by any other class without running the constructor.

Common Consequences
Scope: Access Control

Impact: Bypass Protection Mechanism

A class that can be cloned can be produced without executing the constructor. This is dangerous since the constructor may perform security-related checks. By allowing the object to be cloned, those checks may be bypassed.

Potential Mitigations
Phase: Implementation
If you do make your classes cloneable, ensure that your clone method is declared final, and for classes that must not be copied, have it throw CloneNotSupportedException rather than return super.clone().
Demonstrative Examples
The following example demonstrates the weakness.

Code Example (Bad, Java):
Make classes uncloneable by defining a clone function like:

Code Example (Good, Java):
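The following is an added illustration, not the code from the CWE entry itself. It shows both halves of the pattern described above: a Cloneable class whose constructor performs an authorization check that clone() silently skips, next to a class that refuses cloning with a final clone method. The class names (LeakyCredential, SealedCredential, CloneDemo), the callerAuthorized flag and the demo secret are all assumptions made for this example.

```java
import java.util.Arrays;

// Added example (not the CWE entry's own code). Class names, the
// callerAuthorized flag and the secret value are assumptions.

// Vulnerable variant: sensitive bytes live in a Cloneable class. Any code
// that can reach an instance can call clone() and obtain a copy of the
// secret without the constructor's authorization check ever running.
class LeakyCredential implements Cloneable {
    private final byte[] secret;

    LeakyCredential(byte[] secret, boolean callerAuthorized) {
        if (!callerAuthorized) {
            throw new SecurityException("not authorized to hold this credential");
        }
        this.secret = secret.clone();
    }

    // The constructor check is bypassed here; super.clone() is a shallow
    // copy, so the clone even shares the same secret array.
    @Override
    public Object clone() throws CloneNotSupportedException {
        return super.clone();
    }

    byte[] secretForDemo() {
        return secret;
    }
}

// Hardened variant: cloning is refused outright. The method is final so a
// subclass cannot re-enable it, and super.clone() is never reached. The
// class also does not implement Cloneable.
class SealedCredential {
    private final byte[] secret;

    SealedCredential(byte[] secret, boolean callerAuthorized) {
        if (!callerAuthorized) {
            throw new SecurityException("not authorized to hold this credential");
        }
        this.secret = secret.clone();
    }

    @Override
    protected final Object clone() throws CloneNotSupportedException {
        throw new CloneNotSupportedException("SealedCredential is not cloneable");
    }
}

public class CloneDemo {
    public static void main(String[] args) throws Exception {
        // Constructed demo secret; in a real system this would be key material.
        byte[] key = "constructed-demo-secret".getBytes("UTF-8");

        // Only an authorized caller can construct the object...
        LeakyCredential original = new LeakyCredential(key, true);
        // ...but any holder of a reference can copy it; no check runs here.
        LeakyCredential copy = (LeakyCredential) original.clone();
        System.out.println("clone carries the secret: "
            + Arrays.equals(original.secretForDemo(), copy.secretForDemo()));

        // The hardened class rejects the same operation.
        SealedCredential sealed = new SealedCredential(key, true);
        try {
            sealed.clone();
        } catch (CloneNotSupportedException e) {
            System.out.println("sealed clone refused: " + e.getMessage());
        }
    }
}
```

Running CloneDemo prints that the clone carries the secret, then that the sealed clone was refused. The design point is the one the mitigation makes: declaring clone() final prevents a subclass from reintroducing cloning, and throwing instead of delegating to super.clone() means no copy of the sensitive field is ever produced outside the checked constructor.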
References
  • [REF-18] Secure Software, Inc. "The CLASP Application Security Process". 2005.
Likelihood of Exploit

Medium

Applicable Platforms
Languages:
  • C++: Undetermined
  • Java: Undetermined
  • C#: Undetermined
Modes of Introduction
Implementation
Taxonomy Mapping
  • CLASP
  • The CERT Oracle Secure Coding Standard for Java (2011)
  • Software Fault Patterns