CWE-583: finalize() Method Declared Public

CWE-583: finalize() Method Declared Public | RadicalNotion.AI

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The following Java Applet code mistakenly declares a public finalize() method.

Vulnerable example

java

public final class urlTool extends Applet {

Mobile code, in this case a Java Applet, is code that is transmitted across a network and executed on a remote machine. Because mobile code developers have little if any control of the environment in which their code will execute, special security concerns become relevant. One of the biggest environmental threats results from the risk that the mobile code will run side-by-side with other, potentially malicious, mobile code. Because all of the popular web browsers execute code from multiple sources together in the same JVM, many of the security guidelines for mobile code are focused on preventing manipulation of your objects' state and behavior by adversaries who have access to the same virtual machine where your product is running.

CWE-583: finalize() Method Declared Public

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-583?

How do you prevent CWE-583?

How is CWE-583 detected?

What are the consequences of CWE-583?

References

Stay ahead of CWE-583

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-583?

How do you prevent CWE-583?

How is CWE-583 detected?

What are the consequences of CWE-583?

References

Stay ahead of CWE-583