SV.SENSITIVE.DATA
This error is reported when sensitive information is stored or transmitted without encryption.
Vulnerability and risk
If your sensitive data such as passwords and social security numbers is unencrypted, an attacker could read or modify it.
Encrypting sensitive data means an attacker would need to decrypt the data before reading or modifying it.
Code examples
Vulnerable code example 1
package com.company;
import java.io.IOException;
import java.io.OutputStream;
public class WriteInfo {
public void write(OutputStream os, int ssn) throws IOException {
os.write(ssn);
}
}Klocwork produces a defect when a sensitive value is written to a stream. In this example, a social security number is the sensitive value.
Fixed code example 1
package com.company;
import java.io.IOException;
import java.io.OutputStream;
public class WriteInfo {
public void write(OutputStream os, int ssn) throws IOException {
int encryptedSsn = encrypt(ssn);
os.write(encryptedSsn);
}
private int encrypt(int value) {
int encrypted;
// ... do encryption
return encrypted;
}
}Apply the following .jkb file, which tells the Klocwork analysis engine that the ‘encrypt()’ method returns safe data.
package com.company;
@Bind("SV.SENSITIVE.DATA")
class Writer {
@Check("return") private int encrypt(int value);
}In this fixed example, the sensitive value (a social security number) is encrypted before being written. Klocwork does not produce a defect in this fixed example.
Vulnerable code example 2
package com.company;
import java.io.IOException;
import java.io.Writer;
public class WriteInfo {
public void write(Writer w, User user) throws IOException {
String value = user.getPassword();
w.write(value);
}
public static class User {
public String getPassword() {
return "pw";
}
}
}Klocwork produces a defect when a sensitive value is written to a Writer object. In this example, a password is retrieved from the ‘getPassword()’ method and is then written.
Fixed code example 2
package com.company;
import java.io.IOException;
import java.io.Writer;
public class WriteInfo {
public void write(Writer w, User user) throws IOException {
String encryptedPassword = encrypt(user.getPassword());
w.write(encryptedPassword);
}
private String encrypt(String value) {
String encrypted;
// ... do encryption
return encrypted;
}
public static class User {
public String getPassword() {
return "pw";
}
}
}Apply the following .jkb file, which tell the Klocwork analysis engine that the ‘encrypt()’ method contains safe data.
package com.company;
@Bind("SV.SENSITIVE.DATA")
class Writer {
@Check("return") private String encrypt(String value);
}In this fixed example, the sensitive data is encrypted before being written. Also note that the variable name ‘encryptedPassword’ was used to clearly indicate that the code is not storing a plain-text password.
Vulnerable code example with configurable checker
This checker is configured with a default list of sensitive data such as: dob, ssn, password. This list is meant to be configurable, rather than all-inclusive. Sensitive data can be configured using the @CheckerParam annotation in a .jkb file. Please note that the default built-in list of sensitive terms is no longer used once the user specifies a custom @CheckerParam option.
In this example, the user has domain-specific knowledge of their software and has identified that a patient’s ‘name’, ‘dob’, and ‘address’ are sensitive types of data. A .jkb file containing the following annotation has already been loaded into the project’s configuration:
@CheckerParam("SV.SENSITIVE.DATA", "name,dob,address")
package com.company;
@Bind("SV.SENSITIVE.DATA")
class Writer {
@Check("return") public String encrypt(String value);
}The above .jkb file notifies the Klocwork analysis engine that dob, address and name are sensitive values, and that the ‘encrypt()’ method returns safe data.
Vulnerable code example 3
package com.company;
import java.io.IOException;
import java.io.Writer;
public class WritePatient {
public void writePatientInfo(Writer writer, Patient patient) throws IOException {
StringBuilder sb = new StringBuilder();
sb.append(patient.getName());
sb.append(';');
sb.append(patient.getDob());
sb.append(';');
sb.append(patient.getAddress());
writer.write(sb.toString());
}
public static class Patient {
public String getName() { return "John Doe"; }
public String getDob() { return "1900-01-01"; }
public String getAddress() { return "123 Main St., Cityville, NY 12345"; }
}
}Klocwork will detect 3 defects in the above code, one for the unencrypted name, one for the unencrypted date of birth, and one for the unencrypted address.
Fixed code example 3
package com.company;
import java.io.IOException;
import java.io.Writer;
public class WritePatient {
public void writePatientInfo(Writer writer, Patient patient) throws IOException {
StringBuilder sb = new StringBuilder();
sb.append(encrypt(patient.getName()));
sb.append(';');
sb.append(encrypt(patient.getDob()));
sb.append(';');
sb.append(encrypt(patient.getAddress()));
writer.write(sb.toString());
}
public String encrypt(String value) {
String encrypted;
// .. do encryption
return encrypted;
}
public static class Patient {
public String getName() { return "John Doe"; }
public String getDob() { return "1900-01-01"; }
public String getAddress() { return "123 Main St., Cityville, NY 12345"; }
}
}Related checkers
External guidance
Security training
Application security training materials provided by Secure Code Warrior.
Extension
This checker can be tuned to look for sensitive values using @CheckerParam and @Check options in a .jkb file. If you tune this checker to add any custom sensitive values, the defaults are no longer used; if you want to include them as well, you can re-add them to your .jkb file along with the custom values. See Tuning Java analysis for more information.
Default sensitive values
The sensitive values used by default are: dob, ssn, pin, password, password_buffer, pwd, pwd_buffer, pwdbuf, passwd.
