CWE-498: Cloneable Class Containing Sensitive Information
Description
The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning the class.
Submission Date :
July 19, 2006, midnight
Modification Date :
2023-06-29 00:00:00+00:00
Organization :
MITRE
Extended Description
Cloneable classes are effectively open classes, since data cannot be hidden in them. Classes that do not explicitly deny cloning can be cloned by any other class without running the constructor.
Example - 1
The following example demonstrates the weakness.
Teacher t1 = new Teacher("guddu","22,nagar road");//...// Do some stuff to remove the teacher.Teacher t2 = (Teacher)t1.clone();System.out.println(t2.name);
new CloneClient();public CloneClient() //throwsjava.lang.CloneNotSupportedException {}public static void main(String args[]) {}
return super.clone();
throw new RuntimeException(e.toString());try {}catch (java.lang.CloneNotSupportedException e) {}
this.name = name;this.clas = clas;public Object clone() {}public String name;public String clas;public Teacher(String name,String clas) {}public class CloneClient {}class Teacher implements Cloneable {}
Make classes uncloneable by defining a clone function like:
throw new java.lang.CloneNotSupportedException();public final void clone() throws java.lang.CloneNotSupportedException {}
Related Weaknesses
This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.
Visit http://cwe.mitre.org/ for more details.