Status: Draft
Weakness ID: 94 (Weakness Class)

Description Summary

The product does not sufficiently filter code (control-plane) syntax from user-controlled input (data plane) when that input is used within code that the product generates.

Potential Mitigations

Implementation: Utilize an appropriate mix of whitelist and blacklist parsing to filter non-relevant code syntax from all input that should not contain code.

Run time: Run time policy enforcement may be used in a whitelist fashion to prevent execution of any non-sanctioned code.

Assign permissions to the software system that prevent the user from accessing/opening privileged files.

Research Gaps

Many of these weaknesses are under-studied and under-researched, and terminology is not sufficiently precise.

Relationships

Taxonomy Mappings

Applicable Platforms

Languages: Interpreted languages (Sometimes)

Time of Introduction

Architecture and Design
Implementation

Related Attack Patterns

Content History

Submissions
PLOVER. (Externally Mined)

Modifications
Eric Dalci. Cigital. 2008-07-01. (External) updated Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal) updated Applicable_Platforms, Relationships, Research_Gaps, Taxonomy_Mappings
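
The weakness in the Description Summary and the Implementation mitigation, shown side by side as an added example that is not part of the CWE entry: a product that writes a settings file in Python syntax, first pasting user input into the generated code and then validating it against an allowlist and emitting it as a quoted literal. The function names, the display-name policy and the sample inputs are assumptions constructed for illustration.

```python
import re

# Allowlist (assumed policy for this example): what a display name may contain.
ALLOWED_NAME = re.compile(r"[A-Za-z0-9 _.-]{1,64}")


def generate_settings_unsafe(display_name: str) -> str:
    """Weak form: user data is pasted into the generated source unfiltered."""
    return f'display_name = "{display_name}"\n'


def generate_settings_safe(display_name: str) -> str:
    """Hardened form: allowlist check, then emit the value as a literal."""
    if not ALLOWED_NAME.fullmatch(display_name):
        raise ValueError("display name contains characters outside the allowlist")
    # repr() of a str is always a correctly quoted and escaped Python literal,
    # so the value stays on the data plane even if the allowlist is widened.
    return f"display_name = {display_name!r}\n"


def load_settings(source: str) -> dict:
    """Stand-in for the product later running the file it generated."""
    namespace = {}
    exec(source, {"__builtins__": {}}, namespace)
    return namespace


# Constructed sample inputs (not taken from the CWE entry).
BENIGN = "Alice Example"
# The quote and newline are code syntax: they close the string literal and
# start a new statement in the generated file.
HOSTILE = 'x"\nis_admin = True\n_ = "'

if __name__ == "__main__":
    print(load_settings(generate_settings_unsafe(HOSTILE)))  # extra key appears
    print(load_settings(generate_settings_safe(BENIGN)))     # data only
    try:
        generate_settings_safe(HOSTILE)
    except ValueError as err:
        print("rejected:", err)
```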