Inner classes are translated into classes that are accessible at package scope and may expose code that the programmer intended to keep private to attackers.

How do you prevent CWE-492?

Using sealed classes protects object-oriented encapsulation paradigms and therefore protects code from being extended in unforeseen ways.

How is CWE-492 detected?

Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)

What are the consequences of CWE-492?

Exploiting CWE-492 can lead to: Read Application Data.

CWE-492: Use of Inner Class Containing Sensitive Data

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The following Java Applet code mistakenly makes use of an inner class.

Vulnerable example

java

public final class urlTool extends Applet {

The following example shows a basic use of inner classes. The class OuterClass contains the private member inner class InnerClass. The private inner class InnerClass includes the method concat that accesses the private member variables of the class OuterClass to output the value of one of the private member variables of the class OuterClass and returns a string that is a concatenation of one of the private member variables of the class OuterClass, the separator input parameter of the method and the private member variable of the class InnerClass.

Vulnerable example

java

public class OuterClass {

Safe example

java

public class OuterClass {

In the following example the BankAccount class contains the private member inner class InterestAdder that adds interest to the bank account balance. The start method of the BankAccount class creates an object of the inner class InterestAdder, the InterestAdder inner class implements the ActionListener interface with the method actionPerformed. A Timer object created within the start method of the BankAccount class invokes the actionPerformed method of the InterestAdder class every 30 days to add the interest to the bank account balance based on the interest rate passed to the start method as an input parameter. The inner class InterestAdder needs access to the private member variable balance of the BankAccount class in order to add the interest to the bank account balance.

Vulnerable example

java

public class BankAccount {

Safe example

java

public class BankAccount {

Safe example

java

public class BankAccount {

In the following Java example a simple applet provides the capability for a user to input a URL into a text field and have the URL opened in a new browser window. The applet contains an inner class that is an action listener for the submit button, when the user clicks the submit button the inner class action listener's actionPerformed method will open the URL entered into the text field in a new browser window. As with the previous examples using inner classes in this manner creates a security risk by exposing private variables and methods. Inner classes create an additional security risk with applets as applets are executed on a remote machine through a web browser within the same JVM and therefore may run side-by-side with other potentially malicious code.

Vulnerable example

java

public class UrlToolApplet extends Applet {

Safe example

java

public class UrlToolApplet extends Applet implements ActionListener {

As with the previous examples a solution to this problem would be to use a static inner class, a local inner class or an anonymous inner class. An alternative solution would be to have the applet implement the action listener rather than using it as an inner class as shown in the following example.

CWE-492: Use of Inner Class Containing Sensitive Data

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-492?

How do you prevent CWE-492?

How is CWE-492 detected?

What are the consequences of CWE-492?

References

Stay ahead of CWE-492

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-492?

How do you prevent CWE-492?

How is CWE-492 detected?

What are the consequences of CWE-492?

References

Stay ahead of CWE-492