CWE-20: Improper Input Validation

Weakness ID: 20 (Weakness Class)

Status: Draft

Description

The product does not properly validate input that can affect the control flow or data flow of a program.

Extended Description

When the software does not sufficiently validate its input, an attacker can supply input in a form that the application does not expect. That input is passed on to other parts of the system, where it may alter the control flow, give control over arbitrary resources, or allow arbitrary code to be executed.

Time of Introduction

Architecture and Design
Implementation

Applicable Platforms

Languages: All (language-independent)

Platform Notes

Input validation can be a problem for any system that handles data.

Common Consequences

Scope | Effect
Availability | An attacker could supply unexpected values and cause the program to crash or to consume excessive resources such as CPU and memory.
Confidentiality | An attacker who can control resource references could read confidential data.
Integrity | Malicious input could modify data or alter control flow in unexpected ways, including arbitrary command execution.

 

Likelihood of Exploit

High

Detection Methods

Automated Static Analysis

Some instances of improper input validation can be detected using automated static analysis. A static analysis tool may let the user specify which application-specific methods or functions perform input validation, and it may have built-in knowledge of validation frameworks such as Struts. The tool can then suppress or de-prioritise the associated warnings, which lets the analyst focus on the areas of the software where input validation does not appear to be present. Except in the cases just described, automated static analysis may not be able to recognise when proper input validation is being performed, which leads to false positives, that is, warnings that have no security consequence and require no code change.

Manual Static Analysis

When custom input validation is required, for example to enforce business rules, manual analysis is necessary to confirm that the validation is implemented properly.

Fuzzing

Fuzzing techniques are useful for detecting input validation errors. When unexpected input is supplied, the software should not crash or become unstable; it should produce an application-controlled error message. If an exception or an interpreter-generated error message occurs instead, the input was not detected and handled within the application logic itself.

Demonstrative Examples

Example 1:

The following example demonstrates a shopping interaction in which the user specifies the quantity of items to purchase and the program calculates the total from that input.

Example Language: Java (Bad Code)

...
public static final double price = 20.00;
int quantity = currentUser.getAttribute("quantity");
double total = price * quantity;
chargeUser(total);
...

The user cannot manipulate the price variable, but the code does not prevent a negative value from being supplied for the quantity. If an attacker supplies a negative value, the attacker's account is credited instead of charged.

Example 2:

In the following example the user supplies the height and width (m x n) of a game board whose maximum dimension is 100 squares.

Example Language: C (Bad Code)

...
#define MAX_DIM 100
...
/* board dimensions */
int m, n, error;
board_square_t *board;
printf("Please specify the board height: \n");
error = scanf("%d", &m);
if ( EOF == error ){
    die("No integer passed: Die evil hacker!\n");
}
printf("Please specify the board width: \n");
error = scanf("%d", &n);
if ( EOF == error ){
    die("No integer passed: Die evil hacker!\n");
}
if ( m > MAX_DIM || n > MAX_DIM ) {
    die("Value too large: Die evil hacker!\n");
}
board = (board_square_t*) malloc( m * n * sizeof(board_square_t));
...

This code checks that the user cannot supply large positive values and so consume too much memory, but it does not check for negative values. As a result, an attacker can specify two large negative values that do not overflow, causing a huge memory allocation and a system crash, i.e. a resource consumption (CWE-400) attack. Supplying very large negative values can also cause an integer overflow (CWE-190), with unexpected behaviour that depends on the rest of the program.

Example 3:

The following example shows the code of a PHP application that displays a user's birthday and homepage.

Example Language: PHP (Bad Code)

$birthday = $_GET['birthday'];
$homepage = $_GET['homepage'];
echo "Birthday: $birthday<br>Homepage: <a href=$homepage>click here</a>";

The programmer assumes that $birthday is in a date format and that $homepage is a valid URL. However, because the values are taken from the HTTP request, an attacker can craft a URL that supplies <script> tags as the value of birthday or homepage; when a victim clicks that URL and the web server echoes the content, the script runs in the client's browser. Even if the input for $birthday were restricted to digits and "-" (dashes), input of the following form would still be possible:

(Attack)
2009-01-09--

If this data is used in a SQL statement, everything after the input is treated as a comment. The comment can disable other security-related logic in the statement. In this case, combining encoding with input validation makes the protection mechanism more effective.

Furthermore, an XSS (CWE-79) attack or SQL injection (CWE-89) are only some of the potential consequences of missing protection for this kind of field. Depending on the context of the code, CRLF Injection (CWE-93), Argument Injection (CWE-88) or Command Injection (CWE-77) may also be possible.

Example 4:

The following example accepts a pair of integers m and n from the user.

Example Language: C (Bad Code)

void parse_data(char *untrusted_input){
    int m, n, error;
    error = sscanf(untrusted_input, "%d:%d", &m, &n);
    if ( EOF == error ){
        die("Did not specify integer value. Die evil hacker!\n");
    }
    /* proceed assuming n and m are initialized correctly */
}

This code extracts two int values from the user-supplied string. However, if an attacker supplies a value such as "123:", only the variable m is initialized.

(Attack)
123:

As a result, subsequent use of n may lead to use of an uninitialized variable (CWE-457).

Example 5:

In the following example, user input is taken to allocate an array of objects, and the array is then operated on.

Example Language: Java (Bad Code)

private void buildList ( int untrustedListSize ){
    if ( 0 > untrustedListSize ){
        die("Negative value supplied for list size, die evil hacker!");
    }
    Widget[] list = new Widget [ untrustedListSize ];
    list[0] = new Widget();
}

This example checks that the list size specified by the user is not negative. However, if 0 is supplied, an array of size 0 is created and the code then attempts to store a new Widget in its first position.
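A hardened counterpart to Examples 2 and 4, added here as an illustration and not part of the CWE entry: strtol() replaces scanf()/sscanf() so that a missing second value, negative or oversized dimensions, numeric overflow and trailing junk are all rejected before any allocation is sized. MAX_DIM is taken from Example 2; the function names parse_dim, parse_board_dims and board_bytes are chosen for this example.

```c
#include <errno.h>
#include <stdlib.h>

#define MAX_DIM 100

/* Parse one decimal integer with strtol(), rejecting what scanf("%d")
 * silently accepts: no digits at all, values outside [1, MAX_DIM]
 * (negatives included) and values too big for a long. On success
 * *out is set and *end points just past the digits. */
static int parse_dim(const char *s, const char **end, int *out)
{
    char *stop;
    long v;

    errno = 0;
    v = strtol(s, &stop, 10);
    if (stop == s || errno == ERANGE || v < 1 || v > MAX_DIM)
        return 0;
    *end = stop;
    *out = (int)v;
    return 1;
}

/* Accept "m:n" from untrusted input. Returns 1 only when both values
 * are present and in range; otherwise *m and *n are left untouched,
 * so a caller can never proceed with a half-initialized pair. */
int parse_board_dims(const char *untrusted_input, int *m, int *n)
{
    const char *p;
    int h, w;

    if (!parse_dim(untrusted_input, &p, &h) || *p != ':')
        return 0;                    /* "abc", "-5:..." or missing ':' */
    if (!parse_dim(p + 1, &p, &w) || *p != '\0')
        return 0;                    /* "123:" or trailing junk "3:4x" */
    *m = h;
    *n = w;
    return 1;
}

/* Size the board only from validated dimensions: both factors are
 * bounded by MAX_DIM, so the product can neither wrap nor go negative.
 * Returns 0 for anything out of range. */
size_t board_bytes(int m, int n, size_t square_size)
{
    if (m < 1 || n < 1 || m > MAX_DIM || n > MAX_DIM)
        return 0;
    return (size_t)m * (size_t)n * square_size;
}
```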

 

 

Observed Examples
CVE-2008-5305 Eval injection in Perl program using an ID that should only contain hyphens and numbers.
CVE-2008-2223 SQL injection through an ID that was supposed to be numeric.
CVE-2008-3477 lack of input validation in spreadsheet program leads to buffer overflows, integer overflows, array index errors, and memory corruption.
CVE-2008-3843 insufficient validation enables XSS
CVE-2008-3174 driver in security product allows code execution due to insufficient validation
CVE-2007-3409 infinite loop from DNS packet with a label that points to itself
CVE-2006-6870 infinite loop from DNS packet with a label that points to itself
CVE-2008-1303 missing parameter leads to crash
CVE-2007-5893 HTTP request with missing protocol version number leads to crash
CVE-2006-6658 request with missing parameters leads to information leak
CVE-2008-4114 system crash with offset value that is inconsistent with packet size
CVE-2006-3790 size field that is inconsistent with packet size leads to buffer over-read
CVE-2008-2309 product uses a blacklist to identify potentially dangerous content, allowing attacker to bypass a warning
CVE-2008-3494 security bypass via an extra header
CVE-2006-5462 use of extra data in a signature allows certificate signature forging
CVE-2008-3571 empty packet triggers reboot
CVE-2006-5525 incomplete blacklist allows SQL injection
CVE-2008-1284 NUL byte in theme name cause directory traversal impact to be worse
CVE-2008-0600 kernel does not validate an incoming pointer before dereferencing it
CVE-2008-1738 anti-virus product has insufficient input validation of hooked SSDT functions, allowing code execution
CVE-2008-1737 anti-virus product allows DoS via zero-length field
CVE-2008-3464 driver does not validate input from userland to the kernel
CVE-2008-2252 kernel does not validate parameters sent in from userland, allowing code execution
CVE-2008-2374 lack of validation of string length fields allows memory consumption or buffer over-read
CVE-2008-1440 lack of validation of length field leads to infinite loop
CVE-2008-1625 lack of validation of input to an IOCTL allows code execution
CVE-2008-3177 zero-length attachment causes crash
CVE-2007-2442 zero-length input causes free of uninitialized pointer
CVE-2008-5563 crash via a malformed frame structure
CVE-2008-5285 infinite loop from a long SMTP request
CVE-2008-3812 router crashes with a malformed packet
CVE-2008-3680 packet with invalid version number leads to NULL pointer dereference
CVE-2008-3660 crash via multiple "." characters in file extension

 

Potential Mitigations

Phase: Architecture and Design

Strategy: Input validation libraries and frameworks

Use an input validation framework such as Struts or the OWASP ESAPI Validation API. If you use Struts, be mindful of the weaknesses in the CWE-101 category.

Phase: Architecture and Design, Implementation

Understand every place where untrusted input can enter the software: parameters and arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external system that provides data to the application.
Remember that such input may also arrive indirectly through API calls.

Phase: Implementation

Assume all input is malicious. Use an "accept known good" validation strategy, i.e. a whitelist of acceptable input that strictly conforms to the specification. Reject input that does not conform to the specification, or transform it into a form that does. Do not rely on a blacklist, that is, on looking only for malicious or malformed input. Blacklists are still useful for detecting potential attacks and for deciding which input is so malformed that it should be rejected outright.

When validating input, consider every relevant property: length, type of input, the full range of acceptable values, missing or extra input, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" is syntactically valid because it contains only alphanumeric characters, but it is not valid if the developer expects a colour name such as "red" or "blue".

Phase: Architecture and Design

To avoid CWE-602, ensure that every security check performed on the client is also performed on the server. Attackers can bypass client-side checks by modifying values after the checks have run, or by removing the checks from the client entirely; the modified values are then sent to the server.

Even though client-side checks provide minimal benefit for server-side security, they are still useful:
- Input that should have been rejected by the client but reaches the server may indicate an attack, so the checks can support intrusion detection.
- Client-side error checking gives the user helpful feedback about what valid input looks like.
- Server-side processing time is reduced for accidental input errors, although this saving is typically small.

Phase: Architecture and Design

Blacklist-based validation is not a complete defence, whether for detecting malicious input or for encoding output (CWE-184). There are many ways to encode the same character, so some variants are likely to be missed.

Phase: Implementation

When the application builds data by combining input from several sources, validate the data after it has been combined. Individual elements may each pass validation and still produce a combination that does not.

Phase: Implementation

Be especially careful to validate all input when passing data across language boundaries, for example from an interpreted language to native code or a binary. Unexpected interactions can occur between the languages. Make sure you do not violate any expectation of the code you are calling into. For example, even though Java is not susceptible to buffer overflows, passing a large argument to native code can trigger an overflow there.

Phase: Implementation

Convert input directly into the expected data type, for example with a function that converts a string to a number. After conversion, check that the value lies within the expected range and that related fields remain consistent with each other.

Phase: Implementation

Decode and canonicalize input to the application's current internal representation before validating it (CWE-180, CWE-181). Also make sure the application does not inadvertently decode the same input twice (CWE-174). Such errors can be used to bypass a whitelist by bringing in dangerous input after it has been checked. Use a library such as the OWASP ESAPI Canonicalization control.

Consider repeating canonicalization until the input no longer changes. This prevents double decoding and similar phenomena, but it may also alter input that is allowed to contain properly encoded dangerous content.
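The canonicalize-then-validate rule above as an added example (my code, not CWE's or any library's): percent-decoding is repeated to a fixed point, with a round cap so that input that keeps changing is rejected rather than guessed at, before a digits-only ID whitelist is applied. The names percent_decode_once, canonicalize and accept_id, the 256-byte limit and MAX_CANON_ROUNDS are assumptions; the inputs in the comments are constructed.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CANON_ROUNDS 4
/* Decode %XX escapes once; returns 1 if anything was decoded. The result
 * is never longer than the input, so dst may be the same size as src. */
int percent_decode_once(const char *src, char *dst)
{
    size_t i = 0, o = 0;
    int changed = 0;
    while (src[i] != '\0') {
        if (src[i] == '%' && isxdigit((unsigned char)src[i + 1])
                          && isxdigit((unsigned char)src[i + 2])) {
            char hex[3] = { src[i + 1], src[i + 2], '\0' };
            dst[o++] = (char)strtol(hex, NULL, 16);
            i += 3;
            changed = 1;
        } else {
            dst[o++] = src[i++];
        }
    }
    dst[o] = '\0';
    return changed;
}
/* Decode s in place until it stops changing, so validation sees the form
 * the application will finally act on (CWE-174, CWE-180). Returns 0 if the
 * value is too long or is still changing after MAX_CANON_ROUNDS passes,
 * e.g. "%2531" becomes "%31" and then "1"; "%252525252531" is rejected. */
int canonicalize(char *s)
{
    char tmp[256];
    int rounds;
    if (strlen(s) >= sizeof tmp) return 0;
    for (rounds = 0; rounds < MAX_CANON_ROUNDS; rounds++) {
        if (!percent_decode_once(s, tmp))
            return 1;                       /* fixed point reached */
        strcpy(s, tmp);
    }
    return 0;                               /* still changing: reject */
}
/* Canonicalize first, then apply the whitelist from the page's own
 * example: a numeric ID is one or more characters 0-9 and nothing else,
 * so "%34%32" is accepted as "42" while "42%27" (an apostrophe) is not. */
int accept_id(const char *untrusted)
{
    char canon[256];
    if (strlen(untrusted) >= sizeof canon) return 0;
    strcpy(canon, untrusted);
    if (!canonicalize(canon) || canon[0] == '\0')
        return 0;
    for (const char *p = canon; *p != '\0'; p++)
        if (!isdigit((unsigned char)*p))
            return 0;
    return 1;
}
```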

Phase: Implementation

When exchanging data between components, ensure that both components use the same character encoding. Confirm that the proper encoding is applied at every interface, and set the encoding explicitly wherever the protocol allows it.

Phase: Testing

Use automated static analysis tools that can detect this weakness. Many recent techniques use data flow analysis to minimise false positives. Since 100% accuracy and coverage are not feasible for a tool, this alone is not sufficient.

Phase: Testing

Use dynamic tools and techniques that exercise the software with large test suites of many diverse inputs, such as fuzz testing (fuzzing), robustness testing and fault injection (deliberately provoking errors). The software may slow down, but it should not become unstable, crash or produce incorrect results.

Relationships

Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Category | 19 | Data Handling | Development Concepts (primary) 699
ChildOf | Weakness Class | 693 | Protection Mechanism Failure | Research Concepts (primary) 1000
ChildOf | Category | 722 | OWASP Top Ten 2004 Category A1 - Unvalidated Input | Weaknesses in OWASP Top Ten (2004) (primary) 711
ChildOf | Category | 738 | CERT C Secure Coding Section 04 - Integers (INT) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary) 734
ChildOf | Category | 742 | CERT C Secure Coding Section 08 - Memory Management (MEM) | Weaknesses Addressed by the CERT C Secure Coding Standard 734
ChildOf | Category | 746 | CERT C Secure Coding Section 12 - Error Handling (ERR) | Weaknesses Addressed by the CERT C Secure Coding Standard 734
ChildOf | Category | 747 | CERT C Secure Coding Section 49 - Miscellaneous (MSC) | Weaknesses Addressed by the CERT C Secure Coding Standard 734
ChildOf | Category | 751 | Insecure Interaction Between Components | Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors (primary) 750
CanPrecede | Weakness Class | 22 | Path Traversal | Research Concepts 1000
CanPrecede | Weakness Base | 41 | Failure to Resolve Path Equivalence | Research Concepts 1000
CanPrecede | Weakness Class | 74 | Failure to Sanitize Data into a Different Plane (aka 'Injection') | Research Concepts 1000
CanPrecede | Weakness Base | 15 | External Control of System or Configuration Setting | Seven Pernicious Kingdoms (primary) 700
ParentOf | Category | 21 | Pathname Traversal and Equivalence Errors | Development Concepts (primary) 699
ParentOf | Weakness Class | 73 | External Control of File Name or Path | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Class | 77 | Failure to Sanitize Data into a Control Plane (aka 'Command Injection') | Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Base | 79 | Failure to Preserve Web Page Structure (aka 'Cross-site Scripting') | Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Base | 89 | Failure to Preserve SQL Query Structure (aka 'SQL Injection') | Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Base | 99 | Insufficient Control of Resource Identifiers (aka 'Resource Injection') | Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Class | 100 | Technology-Specific Input Validation Problems | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 102 | Struts: Duplicate Validation Forms | Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Variant | 103 | Struts: Incomplete validate() Method Definition | Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Variant | 104 | Struts: Form Bean Does Not Extend Validation Class | Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Variant | 105 | Struts: Form Bean Does Not Extend Validation Class | Seven Pernicious Kingdoms (primary) 700; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 106 | Struts: Plug-in Framework not in Use | Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Variant | 107 | Struts: Unused Validation Form | Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Variant | 108 | Struts: Unvalidated Action Form | Seven Pernicious Kingdoms (primary) 700; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 109 | Struts: Validator Turned Off | Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Variant | 110 | Struts: Validator Without Form Field | Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Base | 111 | Direct Use of Unsafe JNI | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Base | 112 | Missing XML Validation | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700; Research Concepts (primary) 1000
ParentOf | Weakness Base | 113 | Failure to Sanitize CRLF Sequences in HTTP Headers (aka 'HTTP Response Splitting') | Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Base | 114 | Process Control | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700; Research Concepts (primary) 1000
ParentOf | Weakness Base | 117 | Incorrect Output Sanitization for Logs | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Class | 119 | Failure to Constrain Operations within the Bounds of a Memory Buffer | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700
ParentOf | Compound Element: Composite | 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Base | 129 | Improper Validation of Array Index | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Base | 134 | Uncontrolled Format String | Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Base | 170 | Improper Null Termination | Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Base | 190 | Integer Overflow or Wraparound | Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Base | 466 | Return of Pointer Value Outside of Expected Range | Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Base | 470 | Use of Externally-Controlled Input to Select Classes or Code (aka 'Unsafe Reflection') | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Variant | 554 | ASP.NET Misconfiguration: Not Using Input Validation Framework | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 601 | URL Redirection to Untrusted Site (aka 'Open Redirect') | Development Concepts (primary) 699
ParentOf | Weakness Base | 606 | Unchecked Input for Loop Condition | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Base | 621 | Variable Extraction Error | Development Concepts (primary) 699
ParentOf | Weakness Variant | 622 | Unvalidated Function Hook Arguments | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 626 | Null Byte Interaction Error (Poison Null Byte) | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Compound Element: Chain | 680 | Integer Overflow to Buffer Overflow | Research Concepts (primary) 1000
ParentOf | Compound Element: Chain | 690 | Unchecked Return Value to NULL Pointer Dereference | Research Concepts (primary) 1000
ParentOf | Compound Element: Chain | 692 | Incomplete Blacklist to Cross-Site Scripting | Research Concepts (primary) 1000
ParentOf | Weakness Variant | 781 | Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 785 | Use of Path Manipulation Function without Maximum-sized Buffer | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700
ParentOf | Weakness Variant | 789 | Uncontrolled Memory Allocation | Research Concepts 1000
MemberOf | View | 635 | Weaknesses Used by NVD | Weaknesses Used by NVD (primary) 635
MemberOf | View | 700 | Seven Pernicious Kingdoms | Seven Pernicious Kingdoms (primary) 700

 

Relationship Notes

Depending on the nature of a structured message, proper input validation can indirectly prevent special characters from changing the meaning of that message, so CWE-20 is closely related to CWE-116. For example, checking that a numeric ID field contains only the characters 0-9 effectively prevents injection attacks.

However, input validation is not always sufficient, especially when less strict data types such as free-form text must be supported.
Consider a SQL injection scenario in which a surname is inserted into a query. "O'Reilly" is a common English surname and would probably pass validation, yet it contains an apostrophe and therefore needs escaping or other handling. Stripping the apostrophe would reduce the risk of SQL injection in this case, but it would record an incorrect name and so cause a malfunction.

Research Gaps

There is not much research into the classification of input validation techniques or into how applications apply them. Many published vulnerabilities simply state that "input is not validated" without giving details of the validation method or of the resulting weakness. Input validation is probably over-emphasised relative to other techniques such as filtering and enforcement by conversion. See the vulnerability theory paper.

Terminology Notes

The term "input validation" is extremely common, but it is used in many different ways. In some cases it obscures the real underlying weakness or hides chaining and composite relationships.

Some people use "input validation" as a general term covering the many techniques that ensure input is appropriate, such as filtering, canonicalization and escaping. Others use it in a narrower sense, meaning only "checking that input conforms to expectations without changing it". CWE uses this narrower interpretation.

Taxonomy Mappings

Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
7 Pernicious Kingdoms | | | Input validation and representation
OWASP Top Ten 2004 | A1 | CWE More Specific | Unvalidated Input
CERT C Secure Coding | ERR07-C | | Prefer functions that support error checking over equivalent functions that don't
CERT C Secure Coding | INT06-C | | Use strtol() or a related function to convert a string token to an integer
CERT C Secure Coding | MEM10-C | | Define and use a pointer validation function
CERT C Secure Coding | MSC08-C | | Library functions should validate their parameters
WASC | 20 | | Improper Input Handling

 

Related Attack Patterns

CAPEC-ID  Attack Pattern Name (CAPEC Version 1.5)
3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
7 Blind SQL Injection
8 Buffer Overflow in an API Call
9 Buffer Overflow in Local Command-Line Utilities
10 Buffer Overflow via Environment Variables
13 Subverting Environment Variable Values
14 Client-side Injection-induced Buffer Overflow
22 Exploiting Trust in Client (aka Make the Client Invisible)
24 Filter Failure through Buffer Overflow
28 Fuzzing
31 Accessing/Intercepting/Modifying HTTP Cookies
42 MIME Conversion
43 Exploiting Multiple Input Interpretation Layers
88 OS Command Injection
45 Buffer Overflow via Symbolic Links
46 Overflow Variables and Tags
47 Buffer Overflow via Parameter Expansion
52 Embedding NULL Bytes
53 Postfix, Null Terminate, and Backslash
101 Server Side Include (SSI) Injection
64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
66 SQL Injection
67 String Format Overflow in syslog()
72 URL Encoding
73 User-Controlled Filename
78 Using Escaped Slashes in Alternate Encoding
79 Using Slashes in Alternate Encoding
99 XML Parser Attack
83 XPath Injection
85 Client Network Footprinting (using AJAX/XSS)
86 Embedding Script (XSS ) in HTTP Headers
32 Embedding Scripts in HTTP Query Strings
18 Embedding Scripts in Nonscript Elements
63 Simple Script Injection
71 Using Unicode Encoding to Bypass Validation Logic
80 Using UTF-8 Encoding to Bypass Validation Logic
81 Web Logs Tampering
91 XSS in IMG Tags
104 Cross Zone Scripting
106 Cross Site Scripting through Log Files
108 Command Line Execution through SQL Injection
109 Object Relational Mapping Injection
110 SQL Injection through SOAP Parameter Tampering
171 Variable Manipulation

 

References

Jim Manico. "Input Validation with ESAPI - Very Important". 2008-08-15. <http://manicode.blogspot.com/2008/08/input-validation-with-esapi.html>.
"OWASP Enterprise Security API (ESAPI) Project". <http://www.owasp.org/index.php/ESAPI>.
Joel Scambray, Mike Shema and Caleb Sima. "Hacking Exposed Web Applications, Second Edition". Input Validation Attacks. McGraw-Hill. 2006-06-05.
Jeremiah Grossman. "Input validation or output filtering, which is better?". 2007-01-30. <http://jeremiahgrossman.blogspot.com/2007/01/input-validation-or-output-filtering.html>.
Kevin Beaver. "The importance of input validation". 2006-09-06. <http://searchsoftwarequality.techtarget.com/tip/0,289483,sid92_gci1214373,00.html>.
[REF-11] M. Howard and D. LeBlanc. "Writing Secure Code". Chapter 10, "All Input Is Evil!", page 341. 2nd Edition. Microsoft. 2002.

Maintenance Notes

Input validation, whether missing or incorrect, is such an essential and widespread part of secure development that it is implicit in many different weaknesses, and it is also widely known. Traditionally, problems such as buffer overflows and XSS have been classified by many security professionals as input validation problems. However, input validation is not necessarily the only protection mechanism for such problems, and in some cases it is not even sufficient. The CWE team has begun to capture these subtleties as chains within the Research Concepts view (CWE-1000), but more work is needed.

Update History

[2021-06-30]
    Changed the placement and content of the Terminology Notes based on the data as of 2021-06-30
[2011-04-21]
    Updated to the data as of 2010-10-12
[2009-06-29]
    Created from the following URL, as of 2009-02-02
    http://cwe.mitre.org/data/definitions/20.html


Registered: 2011/04/21

Last updated: 2023/04/04