SV.EXPOSE.STORE

This error is detected when a public method stores a reference to a mutable object.

Vulnerability and risk

Malicious applet can modify internal state of object by modifying result that returned.

Klocwork security vulnerability (SV) checkers identify calls that create potentially dangerous data; these calls are considered unsafe sources. An unsafe source can be any data provided by the user, since the user could be an attacker or has the potential for introducing human error.

Mitigation and prevention

This vulnerability can be prevented by not storing references to mutable objects in public methods, using immutable object instead or avoid using static fields.

Example 1

18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
    private Collection users;
    public void setUsers(Collection users) throws AuthorizationException {
      for (Iterator iter = users.iterator(); iter.hasNext();) {
        String user = (String) iter.next();
        if (!authorized(user)) throw new AuthorizationException();
 
      }
      this.users = users;
    }
    // ...
    void maliciousUserCode() throws AuthorizationException {
        Collection myUsers = new ArrayList();
        myUsers.add("goodUser");
        setUsers(myUsers);
        myUsers.add("anotherUser");
    }

SV.EXPOSE.STORE is reported for line 26: Method stores reference to mutable object 'users'. Internal state of object can be modified by malicious user.

External guidance

• CERT OBJ04-J: Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
• CERT OBJ05-J: Do not return references to private mutable class members
• CWE-374: Passing Mutable Objects to an Untrusted Method

Security training

Application security training materials provided by Secure Code Warrior.

• Insufficient Validation Training Video - Test your skills with a training example