CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (2.11)  
ID

CWE-792: Incomplete Filtering of One or More Instances of Special Elements

Weakness ID: 792
Abstraction: Variant
Status: Incomplete
Presentation Filter:
+ Description

Description Summary

The software receives data from an upstream component, but does not completely filter one or more instances of special elements before sending it to a downstream component.

Extended Description

Incomplete filtering of this nature involves either

  • only filtering a single instance of a special element when more exist, or

  • not filtering all instances or all elements where multiple special elements exist.

+ Common Consequences
ScopeEffect
Integrity

Technical Impact: Unexpected state

+ Demonstrative Examples

Example 1

The following code takes untrusted input and uses a regular expression to filter "../" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.

(Bad Code)
Example Language: Perl 
my $Username = GetUntrustedInput();
$Username =~ s/\.\.\///;
my $filename = "/home/user/" . $Username;
ReadAndSendFile($filename);

Since the regular expression does not have the /g global match modifier, it only removes the first instance of "../" it comes across. So an input value such as:

(Attack)
 
../../../etc/passwd

will have the first "../" stripped, resulting in:

(Result)
 
../../etc/passwd

This value is then concatenated with the /home/user/ directory:

(Result)
 
/home/user/../../etc/passwd

which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23).

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness BaseWeakness Base791Incomplete Filtering of Special Elements
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant793Only Filtering One Instance of a Special Element
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant794Incomplete Filtering of Multiple Instances of Special Elements
Development Concepts (primary)699
Research Concepts (primary)1000
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
2009-12-04MITREInternal CWE Team
Modifications
Modification DateModifierOrganizationSource
2010-02-16CWE Content TeamMITREInternal
updated Demonstrative_Examples
2010-06-21CWE Content TeamMITREInternal
updated Description
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences
2011-06-27CWE Content TeamMITREInternal
updated Common_Consequences
2017-01-19CWE Content TeamMITREInternal
updated Relationships

More information is available — Please select a different filter.
Page Last Updated: May 05, 2017