Test Interfaces are Removed
Applies to
Servlets/JSP (Java SDK v1.4.2)
What to Check For
Ensure all public interfaces used for testing your
application are removed.
Why
Test interfaces add extra functionality that is
not intended for the released application. Often these interfaces will
be used by a test team to gain information or drive functionality that
would be dangerous in the hands of an attacker.
When
Always use parameterized SQL queries. Avoid constructing SQL queries
directly from any input, including form fields, query string parameters,
and cookies.
How to Check
- Identify all test interfaces.
Examine your application's code base and identify any public
interfaces that are not documented in your application's API
specifications. If you use derived classes or interfaces, make sure
all the base classes/interfaces are also reviewed, because a derived
class inherits every public method of its base class.
For example:

public class UserManager {
    ...
    // A test method to remove all accounts
    public boolean removeAllAccounts() { ... }
    ...
}

public class MyAppUserManager extends UserManager {
    // An attacker who has access to this interface
    // automatically gains access to removeAllAccounts()
}
- Ensure all test interfaces are removed.
Ensure all public test APIs are removed from
the base classes/interfaces. If you cannot modify the source code of
the base classes/interfaces, ensure all derived classes are declared
final and contain a no-op method that overrides the original test API:

public class UserManager {
    ...
    // A test method to remove all accounts
    public boolean removeAllAccounts() { ... }
    ...
}

public final class MyAppUserManager extends UserManager {
    // Making the method a no-op prevents an attacker from
    // invoking the inherited removeAllAccounts() behaviour.
    // The class is final, so no further subclass can override it again.
    public final boolean removeAllAccounts() { return false; }
}
How to Fix
To remove all test interfaces:
Identify all test APIs. Enumerate all public APIs. Identify which APIs
are intended for application use and which APIs are intended for test
purposes. Ideally these interfaces will already be documented as test
interfaces and can be discovered through specifications.
Remove the test interfaces. Code removal is a straightforward
procedure. Once the test code is identified, it should be isolated from
the application and removed from your code base.
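The "How to Check" and "How to Fix" steps above both come down to enumerating the public surface of a class, including what it inherits, and comparing it against the documented API. The following audit is an added example, not code from the original checklist: it models the page's UserManager with a hypothetical base class that still carries a test method, assumes a current JDK rather than the Java SDK v1.4.2 named in "Applies to", and uses a constructed DOCUMENTED_API set standing in for the application's API specification. Reflection's getMethods() returns inherited public methods as well, which is why the subclass review catches a test API declared only in the base class.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Hypothetical base class modelled on the page's UserManager.
// removeAllAccounts() is the kind of test-only interface the checklist targets.
class UserManager {
    public boolean addUser(String name) { return true; }
    public boolean removeUser(String name) { return true; }
    // Test-only method that should not ship in the released application.
    public boolean removeAllAccounts() { return true; }
}

// Mitigation from the page for when the base class cannot be edited:
// a final subclass whose no-op override shadows the inherited test API.
final class MyAppUserManager extends UserManager {
    @Override
    public final boolean removeAllAccounts() { return false; }
}

public class TestInterfaceAudit {
    // Constructed stand-in for the application's documented API specification.
    static final Set<String> DOCUMENTED_API =
            new HashSet<>(Arrays.asList("addUser", "removeUser"));

    // Returns "DeclaringClass.method" for every public instance method that is
    // reachable on cls (own or inherited) and is absent from the documented API.
    static List<String> undocumentedPublicMethods(Class<?> cls, Set<String> documented) {
        List<String> findings = new ArrayList<>();
        for (Method m : cls.getMethods()) {
            // Skip java.lang.Object members (toString, hashCode, ...) and statics.
            if (m.getDeclaringClass() == Object.class) continue;
            if (Modifier.isStatic(m.getModifiers())) continue;
            if (!documented.contains(m.getName())) {
                findings.add(m.getDeclaringClass().getSimpleName() + "." + m.getName());
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        List<Class<?>> toReview = Arrays.asList(UserManager.class, MyAppUserManager.class);
        for (Class<?> c : toReview) {
            List<String> findings = undocumentedPublicMethods(c, DOCUMENTED_API);
            System.out.println(c.getSimpleName() + ": "
                    + (findings.isEmpty() ? "no undocumented public methods" : findings));
        }
    }
}
```

Running the audit reports removeAllAccounts for both classes. For MyAppUserManager it is reported as declared on the subclass, which is the intended reading: the no-op override neutralises the behaviour, but the method is still part of the public surface, so the review has to confirm the override is a deliberate no-op rather than sign it off as removed. Deleting the method from the base class, as "How to Fix" prescribes, is the only change that makes the finding disappear.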
Problem Example
public final class UserManager
{
    public UserManager()
    {
        ...
    }

    public boolean addUser(User user, char[] pass, char[] verifyPass)
    {
        ...
    }

    public boolean removeUser(User user)
    {
        ...
    }

    public boolean modifyUser(User user)
    {
        ...
    }

    public boolean changePass(User user, char[] oldPass, char[] pass,
                              char[] verifyPass)
    {
        ...
    }

    // The class contains a test API
    public void addTestUsers()
    {
        ...
    }
}
Solution Example
The following code shows the user management system for an
application. Because the test API is removed from the class, there is
no untested code that a malicious user can attack.

// The class contains no test APIs
public final class UserManager
{
    public UserManager()
    {
        ...
    }

    public boolean addUser(User user, char[] pass, char[] verifyPass)
    {
        ...
    }

    public boolean removeUser(User user)
    {
        ...
    }

    public boolean modifyUser(User user)
    {
        ...
    }

    public boolean changePass(User user, char[] oldPass, char[] pass,
                              char[] verifyPass)
    {
        ...
    }
}
Additional Resources
Protect From SQL Injection in ASP.NET
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000002.asp
Protect From Injection Attacks in ASP.NET
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000003.asp
How to Use Regular Expressions to Constrain Input in ASP.NET
http://msdn2.microsoft.com/en-us/library/ms998267.aspx
Related Items