java - Security: CWE-201: What is the correct way to securely read a properties file using openStream? -


i'm working on coming solution cwe-201 flagged veracode.

background:

cwe-201: information exposure through sent data

information exposure through sent data weakness id: 201 (weakness variant) status: draft + description description summary accidental exposure of sensitive information through sent data refers transmission of data either sensitive in , of or useful in further exploitation of system through standard data channels.

phase: architecture , design strategy: separation of privilege compartmentalize system have "safe" areas trust boundaries can unambiguously drawn. not allow sensitive data go outside of trust boundary , careful when interfacing compartment outside of safe area. ensure appropriate compartmentalization built system design , compartmentalization serves allow , further reinforce privilege separation functionality. architects , designers should rely on principle of least privilege decide when appropriate use , drop system privileges.

besides...what heck mean people code, i'm trying find practical solutions using java resolve problem.

what can tell following code cause veracode flag cwe-201:

public void init(url filepath) {     try {         load(new bufferedinputstream(filepath.openstream()));     } catch (java.io.ioexception e) {                    log.error("could not load server properties file!", e);                          }  } 

more information:

phase: implementation ensure possibly sensitive data specified in requirements verified designers ensure either calculated risk or mitigated elsewhere. information not necessary functionality should removed in order lower both overhead , possibility of security sensitive data being sent.

phase: system configuration setup default error messages unexpected errors not disclose sensitive information.

i have done recommendation stated in system configuration creating custom runtime exception swallows the ioexception here...but veracode still flagged it.

here's that code looks like:

public class cwe201exception extends runtimeexception {  private static logger log = esapi.getlogger(cwe201exception .class.getname());  public cwe201exception(string identifer, throwable t){       log.error(logger.security_audit, identifer); } 

}

and updated method this:

public void init(url filepath) {     try {         load(new bufferedinputstream(filepath.openstream()));     } catch (java.io.ioexception e) {                    throw new cwe201exception("omgstilldoingthis", e);                           }  } 

looking through veracode report, came across following:

attack vector: java.net.url.openstream

description: application calls java.net.url.openstream() function, result in data being transferred out of application (via network or medium). data contains sensitive information. openstream() called on filepath object, contains potentially sensitive data. potentially sensitive data originated earlier call java.lang.system.getproperty.

remediation: ensure transfer of sensitive data intended , not violate application security policy. flaw categorized low severity because impacts confidentiality, not integrity or availability. however, in context of mobile application, significance of information leak may greater, if misaligned user expectations or data privacy policies.

question turns out when read property file resides on server in way, using system.getproperties() indirectly.

exposing stream viewed security threat

with said, correct way load property file application can load environment configuration informationin manner veracode considers "safe"?


Comments

Popular posts from this blog

javascript - gulp-nodemon - nodejs restart after file change - Error: listen EADDRINUSE events.js:85 -

Fatal Python error: Py_Initialize: unable to load the file system codec. ImportError: No module named 'encodings' -

javascript - oscilloscope of speaker input stops rendering after a few seconds -