The product receives data from an upstream component, but only accounts for special elements positioned relative to a marker (e.g. "at the beginning/end of a string; the second argument"), thereby missing remaining special elements that may exist before sending it to a downstream component.
Threat Mapped score: 0.0
Industry: Financial
Threat priority: Unclassified
| Phase | Note |
|---|---|
| Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
Intro: The following code takes untrusted input and uses a regular expression to strip a "../" element only when it appears at the beginning of the input string. It then appends the result to the /home/user/ directory and attempts to read the file at the resulting path.

```perl
# Untrusted input, e.g. a user-supplied filename.
my $Username = GetUntrustedInput();
# The filter is anchored to a marker (the start of the string):
# it removes one "../" and only when it is the first thing in the input.
$Username =~ s/^\.\.\///;
# The filtered value is concatenated onto the intended base directory.
my $filename = "/home/user/" . $Username;
ReadAndSendFile($filename);
```

Body: Because the regular expression is anchored to the start of the string, it removes at most one "../" element, the one sitting at the beginning. Any further "../" elements later in the string survive the filter and are still honoured by the filesystem when the path is resolved, so the concatenated path can still climb out of /home/user/. So an input value such as:
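To make the failure concrete, the following is an added example (not code from the page or from CWE) that ports the Perl filter above to Python and runs it beside the obvious "global" variant and a hardened check. The base directory /home/user, the helper names and the sample inputs are constructed for the example; it goes slightly beyond the page by also showing that replacing every "../" in a single pass is still bypassable, because deleting one occurrence can splice the surrounding characters into a new one.

```python
import posixpath
import re

# Constructed base directory for the example (an assumption, not taken from the page).
BASE_DIR = "/home/user"


def filter_leading_dotdot(name: str) -> str:
    """Port of the page's Perl filter  s/^\\.\\.\\///  : strips one "../" only
    when it sits at the beginning of the string (the marker)."""
    return re.sub(r"^\.\./", "", name, count=1)


def filter_all_dotdot_once(name: str) -> str:
    """Single-pass global variant  s/\\.\\.\\///g  (the tempting "fix").
    Still weak: removing "../" can splice the bytes around it into a new "../"."""
    return name.replace("../", "")


def vulnerable_path(name: str, filt=filter_leading_dotdot) -> str:
    """The page's construction: filter, then concatenate onto BASE_DIR."""
    return BASE_DIR + "/" + filt(name)


def escapes_base(path: str, base: str = BASE_DIR) -> bool:
    """True when the lexically normalised path lies outside base.
    commonpath compares whole components, so /home/username is not under /home/user."""
    return posixpath.commonpath([posixpath.normpath(path), base]) != base


def safe_path(name: str, base: str = BASE_DIR) -> str:
    """Hardened construction. Instead of removing special elements wherever we
    think they are, accept only a single plain filename and then verify that
    the normalised result is still under base."""
    if not name or "\x00" in name:
        raise ValueError("empty name or NUL byte")
    if "/" in name or "\\" in name:
        raise ValueError("path separator in filename")
    if name in (".", ".."):
        raise ValueError("dot component")
    candidate = posixpath.normpath(posixpath.join(base, name))
    if posixpath.commonpath([candidate, base]) != base:
        raise ValueError("resolves outside base directory")
    return candidate


def demo(name: str) -> dict:
    """Run one input through both weak filters and the hardened check."""
    leading = vulnerable_path(name)
    glob = vulnerable_path(name, filter_all_dotdot_once)
    try:
        safe = safe_path(name)
    except ValueError as exc:
        safe = f"REJECTED: {exc}"
    return {
        "input": name,
        "leading_filter_path": leading,
        "leading_filter_escapes": escapes_base(leading),
        "global_filter_path": glob,
        "global_filter_escapes": escapes_base(glob),
        "safe": safe,
    }


if __name__ == "__main__":
    # Constructed sample inputs: a benign name, the classic traversal that
    # defeats the anchored filter, and a splice payload that defeats the
    # single-pass global filter.
    for n in ("report.txt", "../../../etc/passwd", "....//....//etc/passwd"):
        print(demo(n))
```

Run stand-alone, the second input shows the anchored filter turning "../../../etc/passwd" into "../../etc/passwd", which still normalises to /etc/passwd; the third input passes the anchored filter untouched but, after a single global replace, collapses to "../../etc/passwd". The hardened path does no stripping at all: it rejects separators and dot components outright and re-checks the normalised result against the base, which is the allow-list shape a filter of this kind should take.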