|
Status: Incomplete Weakness ID: 621 (Weakness Base)Description Summary The product uses external input to determine the names of variables into which information is extracted, without verifying that the names of the specified variables are valid. This could cause the program to overwrite unintended variables. Extended Description For example, in PHP, calling extract() or import_request_variables() without the proper arguments could allow arbitrary global variables to be overwritten, including superglobals. Similar functionality might be possible in other interpreted languages, including custom languages. Alternate Terms Variable overwrite Weakness Ordinalities Primary (where the weakness exists independent of other weaknesses) Potential Mitigations Use whitelists of variable names that can be extracted. Consider refactoring your code to avoid extraction routines altogether. In PHP, call extract() with options such as EXTR_SKIP and EXTR_PREFIX_ALL; call import_request_variables() with a prefix argument. Note that these capabilities are not present in all PHP versions. Observed Examples
Other Notes In general, variable extraction can make control and data flow analysis difficult to perform. For PHP, extraction can be used to provide functionality similar to register_globals, which is frequently disabled in production systems. Many PHP versions will overwrite superglobals in extract/import_request_variables calls. Research Gaps Probably under-reported for PHP. Under-studied for other interpreted languages. Relationships
Applicable Platforms Languages PHP Time of Introduction ImplementationContent History Modifications Eric Dalci. Cigital. 2008-07-01. (External) updated Time_of_Introduction CWE Content Team. MITRE. 2008-09-08. (Internal) updated Description, Relationships, Observed_Example, Other_Notes, Weakness_Ordinalities CWE Content Team. MITRE. 2008-10-14. (Internal) updated Description |
|
|
|||