...
For example, POSIX file systems provide a syntax for expressing file names on the system using paths. A path is a string which indicates how to find any file by starting at a particular directory (usually the current working directory), and traversing down directories until the file is found. Canonical paths lack both symbolic links and special entries such as '.' or '..', which are handled specially on POSIX systems. Each file accessible from a directory has exactly one canonical path, along with many non-canonical paths.
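As an added illustration of the canonical-path point above (example code, not from the CERT standard itself), the following Java method canonicalizes a user-supplied file name relative to a base directory and accepts it only if the canonical result still lies under that base. `BASE_DIR` and the sample names are assumed values; `File.getCanonicalFile()` resolves `.`, `..` and symbolic links and does not require the file to exist.

```java
import java.io.File;
import java.io.IOException;

public final class CanonicalPathCheck {
    // Assumed base directory under which user-supplied file names are permitted.
    private static final String BASE_DIR = "/var/app/uploads";

    /**
     * Resolves untrustedName against BASE_DIR, canonicalizes the result
     * (removing '.', '..' and symbolic links), and returns it only if the
     * canonical path is still inside BASE_DIR. Returns null otherwise.
     */
    public static File resolveUnderBase(String untrustedName) throws IOException {
        File base = new File(BASE_DIR).getCanonicalFile();
        File candidate = new File(base, untrustedName).getCanonicalFile();
        // Compare with a trailing separator so that a sibling directory whose
        // name merely starts with BASE_DIR (e.g. "/var/app/uploads2") is rejected.
        String basePrefix = base.getPath() + File.separator;
        if (!candidate.getPath().startsWith(basePrefix)) {
            return null;
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample names: one plain, one that escapes the base
        // directory via '..', and one that uses '.' and '..' but stays inside.
        String[] samples = { "report.txt", "../outside.txt", "./sub/../report.txt" };
        for (String s : samples) {
            File f = resolveUnderBase(s);
            System.out.println(s + " -> " + (f == null ? "rejected" : f.getPath()));
        }
    }
}
```

Because many non-canonical paths map to one canonical path, the comparison is done on the canonical form only; checking the raw string for `..` would miss symbolic links and platform-specific aliases.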
In particular, complex subsystems are often components that accept string data specifying commands or instructions for the component. String data passed to these components may contain special characters that can trigger commands or actions, resulting in a software vulnerability.
Examples of components which can interpret commands or instructions:
- Operating system command interpreter (see guideline IDS06-J. Prevent OS Command Injection)
- A data repository with an SQL-compliant interface (see guideline IDS07-J. Prevent SQL Injection)
- XML parser (see guideline IDS08-J. Prevent XML Injection)
- XPath evaluators (see guideline IDS09-J. Prevent XPath Injection)
- A SAX (Simple API for XML) or a DOM (Document Object Model) parser (see guideline IDS10-J. Prevent XML external entity attacks)
- Lightweight Directory Access Protocol (LDAP) directory service (see guideline IDS11-J. Prevent LDAP injection)
- Script engines (see guideline IDS12-J. Prevent code injection)
Many rules address proper filtering of untrusted input, especially when such input is passed to a complex subsystem or component that can interpret commands or instructions. For example, see IDS08-J. Prevent XML Injection.
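The list above names components that interpret string data as commands; the pattern the related rules recommend is to validate untrusted input against an allowlist before it reaches such a component and, where the component supports it, to pass the data as a bound parameter rather than as part of the command text. The following Java class is an added example written for this page (not code from the CERT standard) that applies both steps in front of an SQL-compliant data repository. The `users` table, its columns, and the user-name character policy are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.regex.Pattern;

public final class SinkSanitizer {
    // Assumed allowlist policy: a user name is 1 to 32 ASCII letters, digits or underscores.
    private static final Pattern USERNAME = Pattern.compile("^[A-Za-z0-9_]{1,32}$");

    /** Returns true only if the input contains nothing the SQL interpreter could treat as syntax. */
    public static boolean isValidUserName(String s) {
        return s != null && USERNAME.matcher(s).matches();
    }

    // Noncompliant form, shown for contrast: concatenation lets quote and comment
    // characters in userName reach the SQL interpreter as part of the command text.
    static String buildQueryUnsafe(String userName) {
        return "SELECT id FROM users WHERE name = '" + userName + "'";
    }

    // Compliant form: validate first, then bind the value as a parameter so the
    // database receives it as data rather than as part of the statement.
    public static Integer lookupUserId(Connection conn, String userName) throws SQLException {
        if (!isValidUserName(userName)) {
            throw new IllegalArgumentException("user name failed allowlist validation");
        }
        try (PreparedStatement ps =
                 conn.prepareStatement("SELECT id FROM users WHERE name = ?")) {
            ps.setString(1, userName);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getInt("id") : null;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: one that satisfies the policy and one containing a
        // quote character, which the allowlist rejects before any query is built.
        System.out.println(isValidUserName("alice_01")); // true
        System.out.println(isValidUserName("o'brien"));  // false
    }
}
```

The allowlist check is the generic defense that applies to every sink in the list (OS commands, XPath, LDAP, script engines); parameter binding is specific to interfaces that offer it, and is used in addition to validation rather than instead of it.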
...
Like trust boundaries, the system's security policy determines which information is sensitive. A component cannot define which information is sensitive; it can only provide support for handling information that may potentially be declared sensitive by the system administrator.
Java software components provide many opportunities to output sensitive information. Several rules address the mitigation of sensitive information disclosure, including EXC06-J. Do not allow exceptions to expose sensitive information and FIO08-J. Do not log sensitive information.
In particular, security sinks are often components that accept string data specifying commands or instructions for the component. String data passed to these components may contain special characters that can trigger commands or actions, resulting in a software vulnerability.
Examples of components which can interpret commands:
...
...
Guidelines
...