ByteOS Network

CWE-792:Incomplete Filtering of One or More Instances of Special Elements

Weakness ID:792

Version:v4.17

Weakness Name:Incomplete Filtering of One or More Instances of Special Elements

Vulnerability Mapping:Allowed

Abstraction:Variant

Structure:Simple

Status:Incomplete

Details Content History Observed CVE Examples Reports

▼Description

The product receives data from an upstream component, but does not completely filter one or more instances of special elements before sending it to a downstream component.

▼Extended Description

Incomplete filtering of this nature involves either:

only filtering a single instance of a special element when more exist, or

not filtering all instances or all elements where multiple special elements exist.

▼Relationships

Relevant to the view"Research Concepts - (1000)"

Nature	Mapping	Type	ID	Name
ChildOf	Allowed	B	791	Incomplete Filtering of Special Elements
ParentOf	Allowed	V	793	Only Filtering One Instance of a Special Element
ParentOf	Allowed	V	794	Incomplete Filtering of Multiple Instances of Special Elements

Nature: ChildOf

Mapping: Allowed

Type: Base

ID: 791

Name: Incomplete Filtering of Special Elements

Nature: ParentOf

Mapping: Allowed

Type: Variant

ID: 793

Name: Only Filtering One Instance of a Special Element

Nature: ParentOf

Mapping: Allowed

Type: Variant

ID: 794

Name: Incomplete Filtering of Multiple Instances of Special Elements

▼Memberships

Nature	Mapping	Type	ID	Name
MemberOf	Prohibited	C	1019	Validate Inputs
MemberOf	Prohibited	C	1407	Comprehensive Categorization: Improper Neutralization

Nature: MemberOf

Mapping: Prohibited

Type:Category

ID: 1019

Name: Validate Inputs

Nature: MemberOf

Mapping: Prohibited

Type:Category

ID: 1407

Name: Comprehensive Categorization: Improper Neutralization

▼Tags

Nature	Mapping	Type	ID	Name
MemberOf	Prohibited	BS	BOSS-315	Unexpected State (impact)

Nature: MemberOf

Mapping: Prohibited

Type:BOSSView

ID: BOSS-315

Name: Unexpected State (impact)

▼Relevant To View

Relevant to the view"Architectural Concepts - (1008)"

Nature	Mapping	Type	ID	Name
MemberOf	Prohibited	C	1019	Validate Inputs

Nature: MemberOf

Mapping: Prohibited

Type: Category

ID: 1019

Name: Validate Inputs

▼Common Consequences

Scope	Likelihood	Impact	Note
Integrity	N/A	Unexpected State	N/A

Scope: Integrity

Likelihood: N/A

Impact: Unexpected State

Note:

N/A

▼Modes Of Introduction

Phase: Implementation

Note:

REALIZATION: This weakness is caused during implementation of an architectural security tactic.

▼Demonstrative Examples

Example 1

The following code takes untrusted input and uses a regular expression to filter "../" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.

Language: Perl(Bad code)

my $Username = GetUntrustedInput(); $Username =~ s/\.\.\///; my $filename = "/home/user/" . $Username; ReadAndSendFile($filename);

Since the regular expression does not have the /g global match modifier, it only removes the first instance of "../" it comes across. So an input value such as:

(Attack code)

../../../etc/passwd

will have the first "../" stripped, resulting in:

(Result code)

../../etc/passwd

This value is then concatenated with the /home/user/ directory:

(Result code)

/home/user/../../etc/passwd

which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23).

▼Vulnerability Mapping Notes

Usage:Allowed

Reason:Acceptable-Use

Rationale:

This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.