ABSTRACT

A cloneable class that performs this check in its constructor needs to perform the same check in its clone() method.

EXPLANATION

When a class's clone() method is invoked, the constructor for the class being cloned is not invoked. Thus, if a SecurityManager or AccessController check is present in the constructor of a cloneable class, the same check must also be present in the clone method of the class. Otherwise, the security check will be bypassed when the class is cloned.

Example 1: The following code contains a SecurityManager check in the constructor but not in the clone() method.


public class BadSecurityCheck implements Cloneable {

private int id;

public BadSecurityCheck() {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new BadPermission("BadSecurityCheck"));
}
id = 1;
}

public Object clone() throws CloneNotSupportedException {
BadSecurityCheck bsm = (BadSecurityCheck)super.clone();
return null;
}
}

REFERENCES

[1] "Secure Coding Guidelines for the Java Programming Language, version 2.0" Sun Microsystems, Inc. [Online]. [Accessed: Aug. 30, 2007]. Sun Microsystems, Inc.

[2] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 358

[3] C. Lai Java Insecurity: Accounting for Subtleties That Can Compromise Code