Description: The software creates an immutable text string using string concatenation operations.
Consequences:
Other: Reduce Performance

Description: The software contains modules in which one module has references that cycle back to itself, i.e., there are circular dependencies.
Consequences:
Other: Reduce Reliability

Description: The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit: Medium
Consequences:
Access Control: Bypass Protection Mechanism
In some cases, injectable code controls authentication; this may lead to a remote vulnerability.
Access Control: Gain Privileges or Assume Identity
Injected code can access resources that the attacker is directly prevented from accessing.
Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands
Code injection attacks can lead to loss of data integrity in nearly all cases as the control-plane data injected is always incidental to data recall or writing. Additionally, code injection can often result in the execution of arbitrary code.
Non-Repudiation: Hide Activities
Often the actions performed by injected control code are unlogged.
Mitigations:
Phase: Architecture and Design
Description: Refactor your program so that you do not have to dynamically generate code.
Phase: Testing
Description: Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible.
Phase: Testing
Description: Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software’s operation may slow down, but it should not become unstable, crash, or generate incorrect results.
Phase: Operation
Description: Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl’s “-T” switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).

Description: The software establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin. When an attacker can successfully establish a communication channel from an untrusted origin, the attacker may be able to gain privileges and access unexpected functionality.
Modes of Introduction:
– Architecture and Design
Consequences:
Access Control, Other: Gain Privileges or Assume Identity, Varies by Context
An attacker can access any functionality that is inadvertently accessible to the source.

Description: The software creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.
Modes of Introduction:
– Architecture and Design

Description: The software uses a cross-domain policy file that includes domains that should not be trusted.
Modes of Introduction:
– Implementation
Consequences:
Confidentiality, Integrity, Availability, Access Control: Execute Unauthorized Code or Commands, Bypass Protection Mechanism, Read Application Data, Varies by Context
An attacker may be able to bypass the web browser’s same-origin policy. An attacker can exploit the weakness to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on the end user systems for a variety of nefarious purposes. Other damaging attacks include the disclosure of end user files, installation of Trojan horse programs, redirecting the user to some other page or site, running ActiveX controls (under Microsoft Internet Explorer) from sites that a user perceives as trustworthy, and modifying presentation of content.
Mitigations:
Phase: Architecture and Design
Description: Avoid using wildcards in the cross-domain policy file. Any domain matching the wildcard expression will be implicitly trusted, and can perform two-way interaction with the target server.
Phase: Architecture and Design, Operation
Description: For Flash, modify crossdomain.xml to use meta-policy options such as ‘master-only’ or ‘none’ to reduce the possibility of an attacker planting extraneous cross-domain policy files on a server.

Description: The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.
Modes of Introduction:
– Implementation
Consequences:
Confidentiality, Integrity, Availability, Access Control: Bypass Protection Mechanism, Read Application Data, Modify Application Data, Varies by Context

Description: The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. “eval”). This may allow an attacker to execute arbitrary code, or at least modify what code can be executed.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit: Medium
Consequences:
Confidentiality: Read Files or Directories, Read Application Data
The injected code could access restricted data / files.
Access Control: Bypass Protection Mechanism
In some cases, injectable code controls authentication; this may lead to a remote vulnerability.
Access Control: Gain Privileges or Assume Identity
Injected code can access resources that the attacker is directly prevented from accessing.
Integrity, Confidentiality, Availability, Other: Execute Unauthorized Code or Commands
Code injection attacks can lead to loss of data integrity in nearly all cases as the control-plane data injected is always incidental to data recall or writing. Additionally, code injection can often result in the execution of arbitrary code.
Non-Repudiation: Hide Activities
Often the actions performed by injected control code are unlogged.
Mitigations:
Phase: Architecture and Design, Implementation
Description: If possible, refactor your code so that it does not need to use eval() at all.

Description: The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an executable resource, such as a library, configuration file, or template.
Modes of Introduction:
– Architecture and Design
Consequences:
Confidentiality: Read Files or Directories, Read Application Data
The injected code could access restricted data / files.
Access Control: Bypass Protection Mechanism
In some cases, injectable code controls authentication; this may lead to a remote vulnerability.
Access Control: Gain Privileges or Assume Identity
Injected code can access resources that the attacker is directly prevented from accessing.
Integrity, Confidentiality, Availability, Other: Execute Unauthorized Code or Commands
Code injection attacks can lead to loss of data integrity in nearly all cases as the control-plane data injected is always incidental to data recall or writing. Additionally, code injection can often result in the execution of arbitrary code.
Non-Repudiation: Hide Activities
Often the actions performed by injected control code are unlogged.
Mitigations:
Phase: Implementation
Description: Perform proper output validation and escaping to neutralize all code syntax from data written to code files.
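The “escape and validate what you write into code files” mitigation applies whenever untrusted text is rendered into a resource that is later executed. The following Python is an added example written for this page, not code from the CWE entry: an application that writes a user-supplied display name into a small settings module it later imports. The vulnerable renderer pastes the text between quotes; the hardened renderer encodes it as a proper string literal, and a validation step parses the generated file and refuses anything other than the single expected assignment. The function names, the DISPLAY_NAME setting and the sample inputs are constructed for this example.

```python
import ast

# The generated file is Python source that the application will import, so
# it is an executable resource in the sense of the weakness description.
TEMPLATE = "DISPLAY_NAME = {value}\n"


def render_config_vulnerable(display_name: str) -> str:
    """Weakness pattern: untrusted text is dropped straight into the code
    file between double quotes. A quote or newline in the input closes the
    literal, and whatever follows becomes statements of its own."""
    return TEMPLATE.format(value=f'"{display_name}"')


def render_config_safe(display_name: str) -> str:
    """Hardened form: repr() produces a correctly escaped Python string
    literal, so quotes, backslashes and newlines stay inside the literal and
    can only ever be data."""
    return TEMPLATE.format(value=repr(str(display_name)))


def validate_config(source: str, expected_name: str) -> bool:
    """Output validation run before the generated file is trusted: it must
    parse, contain exactly one statement, and that statement must assign a
    plain string equal to the original input to DISPLAY_NAME."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return False
    if len(tree.body) != 1:
        return False
    stmt = tree.body[0]
    if not (isinstance(stmt, ast.Assign) and len(stmt.targets) == 1):
        return False
    target, value = stmt.targets[0], stmt.value
    return (isinstance(target, ast.Name) and target.id == "DISPLAY_NAME"
            and isinstance(value, ast.Constant)
            and value.value == expected_name)


# Constructed input: a quote and newlines that, if written unescaped, turn
# the rest of the text into an extra settings override.
INJECTED_NAME = 'bob"\nDEBUG = True\nX = "'

if __name__ == "__main__":
    for name in ("alice", INJECTED_NAME):
        for label, render in (("vulnerable", render_config_vulnerable),
                              ("safe", render_config_safe)):
            src = render(name)
            print(f"[{label}] {name!r} -> {src!r} "
                  f"valid={validate_config(src, name)}")
```

For an ordinary name both renderers pass validation; for the constructed input the vulnerable renderer emits three statements and is rejected, while the hardened renderer emits one statement whose literal round-trips to exactly the original text. Escaping makes the output correct, and validation catches any path that forgot to escape.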

Description: The software generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI) directive.
Modes of Introduction:
– Architecture and Design
Consequences:
Confidentiality, Integrity, Availability: Execute Unauthorized Code or Commands