CWE Rule 498

Cloneable class containing sensitive information

Since R2023b

expand all in page

Description

Rule Description

The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning the class.

Polyspace Implementation

The rule checker checks for the issue Sensitive information accessible through copy constructor.

Examples

expand all

Issue

The issue Sensitive information accessible through copy constructor occurs when a class contains both sensitive information and one of the following:

  • A public copy constructor, including an implicitly declared one.

  • An overloaded copy assignment operator.

To check for violation of this rule, specify sensitive data members using the option -code-behavior-specifications and the code behavior CRITICAL_DATA. See Specifying Critical Data Members. A violation is not reported if the code behavior is not specified.

Risk

Copying a class allows sensitive data to be accessible even when you mark the sensitive data as private. You can inadvertently introduce vulnerabilities if your code copies the sensitive data.

Fix

To fix this violation, either delete the copy constructor or overloaded copy assignment operator or mark it as private.

Example — Sensitive Information Accessible Through Copy Constructor
#include <string>
#include <iostream>

class Login
{
public:
    Login(std::string n, std::string c) : username(n), password(c) {}
    Login(const Login& t) = default;
    std::string get_username(){return username;}
private:
    std::string username;      //Noncompliant
    std::string password;      //Noncompliant
};

class CopyUser
{
public:
    CopyUser() {
        Login t1("user1", "a1B2c3D4");
        // ...
        Login t2(t1);
        // ...
    }

    static void main() {
        new CopyUser();
    }

};

int main()
{
    CopyUser::main();
}

In this example, you declare the data members username and password as private. Specify these variables as sensitive in a code behavior XML file:

<?xml version="1.0" encoding="UTF-8"?>
<specifications xmlns="http://www.mathworks.com/PolyspaceCodeBehaviorSpecifications">
   <members>
	<member name="password" kind="variable">
		<behavior name="CRITICAL_DATA"/>
	</member>
	<member name="username" kind="variable">
		<behavior name="CRITICAL_DATA"/>
	</member>
   </members>
</specifications>

The copy constructor Login(const Login& t) = default; is public, which allows the class CopyUser to copy a Login object and access the sensitive data members username and password through the copy.

Correction — Delete the Copy Constructor

To fix this violation, either delete the copy constructor or overloaded assignment copy assignment operator or mark it as private. If the class contains an implicit copy constructor, explicitly declare the copy constructor and mark it as private or =delete.

Because you mark Login(const Login& t) as =delete in this code, the CopyUser class is no longer able to access the copy constructor keeping sensitive information from being copied.

#include <string>
#include <iostream>

class Login
{
public:
    Login(std::string n, std::string c) : username(n), password(c) {}
    Login(const Login& t) = delete;
private:
    std::string username;    //Compliant
    std::string password;    //Compliant
};

The code behavior specifications XML file can continue to be the same as before:

<?xml version="1.0" encoding="UTF-8"?>
<specifications xmlns="http://www.mathworks.com/PolyspaceCodeBehaviorSpecifications">
   <members>
	<member name="password" kind="variable">
		<behavior name="CRITICAL_DATA"/>
	</member>
	<member name="username" kind="variable">
		<behavior name="CRITICAL_DATA"/>
	</member>
   </members>
</specifications>

Check Information

Category: Others

Version History

Introduced in R2023b

See Also

Topics

External Websites