CWE-374: Passing Mutable Objects to an Untrusted Method


Description

The product sends non-cloned mutable data as an argument to a method or function.

Extended Description

The called function or method can alter or delete the mutable data, which may violate assumptions the caller has made about that data's state. When unknown code is called with references to mutable data, that external code can change the data it was given. If the caller did not pass a clone, it continues to operate on the modified data, which may no longer be valid in the caller's own context of execution.


ThreatScore

Threat Mapped score: 0.0

Industry: Financial

Threat priority: Unclassified


Observed Examples (CVEs)

Related Attack Patterns (CAPEC)

N/A


Attack TTPs

N/A

Modes of Introduction

Phase            Note
Implementation   N/A

Common Consequences

Potential Mitigations

Applicable Platforms


Demonstrative Examples

Intro: The following example demonstrates the weakness.

Body: In this example, bar and baz are object references, so doOtherStuff() receives references to the caller's own bar and baz and may change them; foo is a primitive int and is copied, so the callee cannot alter the caller's value. If doStuff() relies on bar or baz afterwards, it is relying on state that external code controls.

    private:
        int foo;
        complexType bar;
        String baz;
        otherClass externalClass;

    public:
        void doStuff() {
            externalClass.doOtherStuff(foo, bar, baz);
        }

Intro: In the following Java example, the BookStore class manages the sale of books in a bookstore. It includes member objects for the bookstore inventory and the sales database manager, and a method for updating the sales database and the inventory when a book is sold. This method retrieves a Book object from the inventory using the supplied ISBN, calls a method of the sales object to update the sales information, and then calls a method of the inventory object to update the inventory.

Body: However, the Book object retrieved from the inventory is passed directly to the sales object's method, which could modify its contents. The same, possibly modified, object is then passed to the inventory object's update method, so any change made by the sales method is carried into the inventory update and could produce unexpected results. Passing the sales method a copy of the Book, rather than the inventory's own instance, would keep such a change from propagating.

    public class BookStore {
        private BookStoreInventory inventory;
        private SalesDBManager sales;
        ...

        // constructor for BookStore
        public BookStore() {
            this.inventory = new BookStoreInventory();
            this.sales = new SalesDBManager();
            ...
        }

        public void updateSalesAndInventoryForBookSold(String bookISBN) {
            // Get book object from inventory using ISBN
            Book book = inventory.getBookWithISBN(bookISBN);

            // update sales information for book sold
            sales.updateSalesInformation(book);

            // update inventory
            inventory.updateInventory(book);
        }

        // other BookStore methods
        ...
    }

    public class Book {
        private String title;
        private String author;
        private String isbn;

        // Book object constructors and get/set methods
        ...
    }
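The following is an added example, not code from the CWE entry, that carries the Extended Description and the BookStore example above through to runnable Java: the weakness in sellVulnerable() beside the mitigation (a defensive copy) in sellDefensive(). The bodies of SalesDBManager and BookStoreInventory are hypothetical stand-ins, since the entry leaves them out, and the sale in the sales manager deliberately normalizes the ISBN in place to play the role of the "untrusted" callee. The ISBN and title are constructed sample data.

```java
import java.util.HashMap;
import java.util.Map;

// Added example, not code from the CWE entry. SalesDBManager and BookStoreInventory
// are hypothetical stand-ins for the implementations the entry does not show.
public class DefensiveCopyDemo {

    static final class Book {
        private String title;
        private String author;
        private String isbn;

        Book(String title, String author, String isbn) {
            this.title = title;
            this.author = author;
            this.isbn = isbn;
        }

        // Copy constructor used for the defensive copy: the callee gets its own instance.
        Book(Book other) {
            this(other.title, other.author, other.isbn);
        }

        String getIsbn() { return isbn; }
        void setIsbn(String isbn) { this.isbn = isbn; }
    }

    // Untrusted in the CWE-374 sense: the caller cannot assume it leaves its argument
    // untouched. Here it normalizes the ISBN in place before recording the sale.
    static final class SalesDBManager {
        private final Map<String, Integer> unitsSold = new HashMap<>();

        void updateSalesInformation(Book book) {
            book.setIsbn(book.getIsbn().replace("-", ""));   // mutates the argument
            unitsSold.merge(book.getIsbn(), 1, Integer::sum);
        }
    }

    static final class BookStoreInventory {
        private final Map<String, Book> books = new HashMap<>();
        private final Map<String, Integer> stock = new HashMap<>();

        void addBook(Book book, int count) {
            books.put(book.getIsbn(), book);
            stock.put(book.getIsbn(), count);
        }

        // Returns the inventory's own Book instance, as the entry's example does.
        Book getBookWithISBN(String isbn) {
            Book book = books.get(isbn);
            if (book == null) throw new IllegalArgumentException("unknown ISBN: " + isbn);
            return book;
        }

        // Looks the book up again by ISBN; if the ISBN was changed in between,
        // this is where the weakness becomes visible.
        void updateInventory(Book book) {
            Integer count = stock.get(book.getIsbn());
            if (count == null) throw new IllegalStateException("ISBN not in inventory: " + book.getIsbn());
            stock.put(book.getIsbn(), count - 1);
        }

        int stockFor(String isbn) { return stock.getOrDefault(isbn, 0); }
    }

    // CWE-374: the inventory's own Book instance is handed to the sales component.
    static void sellVulnerable(BookStoreInventory inventory, SalesDBManager sales, String isbn) {
        Book book = inventory.getBookWithISBN(isbn);
        sales.updateSalesInformation(book);   // rewrites book.isbn behind the caller's back
        inventory.updateInventory(book);      // looks up the rewritten ISBN and fails
    }

    // Mitigation: pass a clone, so whatever the callee does to it stays with the callee.
    static void sellDefensive(BookStoreInventory inventory, SalesDBManager sales, String isbn) {
        Book book = inventory.getBookWithISBN(isbn);
        sales.updateSalesInformation(new Book(book));
        inventory.updateInventory(book);
    }

    private static BookStoreInventory sampleInventory(String isbn) {
        BookStoreInventory inventory = new BookStoreInventory();
        inventory.addBook(new Book("The C Programming Language", "Kernighan and Ritchie", isbn), 3);
        return inventory;
    }

    public static void main(String[] args) {
        String isbn = "978-0-13-110362-7";   // constructed sample data
        try {
            sellVulnerable(sampleInventory(isbn), new SalesDBManager(), isbn);
        } catch (IllegalStateException e) {
            System.out.println("vulnerable: " + e.getMessage());
        }
        BookStoreInventory inventory = sampleInventory(isbn);
        sellDefensive(inventory, new SalesDBManager(), isbn);
        System.out.println("defensive: stock now " + inventory.stockFor(isbn));
    }
}
```

On the vulnerable path the failure is only the visible part of the damage: the inventory's stored Book now carries the rewritten ISBN while it is still keyed under the original one, so the inventory is inconsistent even if the exception is caught. The copy must be as deep as the object's mutable members; a Book whose fields were themselves mutable objects would need those copied too. An alternative to copying is to make Book immutable (final fields and no setters, or a Java record), so that there is nothing for the callee to change.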

Notes
