An API is a contract between a caller and a callee. The most common forms of API abuse are caused by the caller failing to honor its end of this contract. For example, if a program fails to call chdir() after calling chroot(), it violates the contract that specifies how to change the active root directory in a secure fashion. Another good example of library abuse is expecting the callee to return trustworthy DNS information to the caller. In this case, the caller abuses the callee API by making certain assumptions about its behavior (that the return value can be used for authentication purposes). One can also violate the caller-callee contract from the other side. For example, if a coder subclasses SecureRandom and returns a non-random value, the contract is violated.
VirtualLock to lock pages that contain sensitive data. The function is not always implemented.VirtualLock function is intended to lock pages in memory to prevent them from being paged to disk. However, on Windows 95/98/ME the function is implemented as stub only and has no effect.private and final, then mistakenly creates a method that mutates the Set.
@Immutable
public final class ThreeStooges {
private final Set stooges = new HashSet>();
...
public void addStooge(String name) {
stooges.add(name);
}
...
}
final.Immutable, from the JCIP annotations package. A non-final field violates the immutability of the class by allowing the value to be changed.public and not final.
@Immutable
public class ImmutableInteger {
public int value;
}
public and final.
@Immutable
public final class ThreeStooges {
public final Set stooges = new HashSet();
...
}
ctx = new InitialContext();
datasource = (DataSource)ctx.lookup(DB_DATASRC_REF);
conn = datasource.getConnection();
conn = DriverManager.getConnection(CONNECT_STRING);
--auto-tls flag to true. As a result, the etcd instance uses self-signed certificates for TLS connections with clients.
...
spec:
containers:
- command:
...
- etcd
...
- --auto-tls=true
...
RegisterModel or Details classes:
public ActionResult Register(RegisterModel model)
{
if (ModelState.IsValid)
{
try
{
return RedirectToAction("Index", "Home");
}
catch (MembershipCreateUserException e)
{
ModelState.AddModelError("", "");
}
}
return View(model);
}
RegisterModel class is defined as:
public class RegisterModel
{
[BindRequired]
[Display(Name = "User name")]
public string UserName { get; set; }
[BindRequired]
[DataType(DataType.Password)]
[Display(Name = "Password")]
public string Password { get; set; }
[DataType(DataType.Password)]
[Display(Name = "Confirm password")]
public string ConfirmPassword { get; set; }
public Details Details { get; set; }
public RegisterModel()
{
Details = new Details();
}
}
Details class is defined as:Example 2: When using
public class Details
{
public bool IsAdmin { get; set; }
...
}
TryUpdateModel() or UpdateModel() in ASP.NET MVC or Web API applications, the model binder will automatically try to bind all HTTP request parameters by default:Example 3: In ASP.NET Web Form applications, the model binder will automatically try to bind all HTTP request parameters when using
public ViewResult Register()
{
var model = new RegisterModel();
TryUpdateModel<RegisterModel>(model);
return View("detail", model);
}
TryUpdateModel() or UpdateModel() with IValueProvider interface.
Employee emp = new Employee();
TryUpdateModel(emp, new System.Web.ModelBinding.FormValueProvider(ModelBindingExecutionContext));
if (ModelState.IsValid)
{
db.SaveChanges();
}
Employee class is defined as:
public class Employee
{
public Employee()
{
IsAdmin = false;
IsManager = false;
}
public string Name { get; set; }
public string Email { get; set; }
public bool IsManager { get; set; }
public bool IsAdmin { get; set; }
}
Booking class:
<view-state id="enterBookingDetails" model="booking">
<on-render>
<render fragments="body" />
</on-render>
<transition on="proceed" to="reviewBooking">
</transition>
<transition on="cancel" to="cancel" bind="false" />
</view-state>
Booking class is defined as:
public class Booking implements Serializable {
private Long id;
private User user;
private Hotel hotel;
private Date checkinDate;
private Date checkoutDate;
private String creditCard;
private String creditCardName;
private int creditCardExpiryMonth;
private int creditCardExpiryYear;
private boolean smoking;
private int beds;
private Set<Amenity> amenities;
// Public Getters and Setters
...
}
Order, Customer, and Profile are Microsoft .NET Entity persisted classes.
public class Order {
public string ordered { get; set; }
public List<LineItem> LineItems { get; set; }
pubilc virtual Customer Customer { get; set; }
...
}
public class Customer {
public int CustomerId { get; set; }
...
public virtual Profile Profile { get; set; }
...
}
public class Profile {
public int profileId { get; set; }
public string username { get; set; }
public string password { get; set; }
...
}
OrderController is the ASP.NET MVC controller class handling the request:
public class OrderController : Controller{
StoreEntities db = new StoreEntities();
...
public String updateOrder(Order order) {
...
db.Orders.Add(order);
db.SaveChanges();
}
}
Order, Customer, and Profile are Hibernate persisted classes.
public class Order {
String ordered;
List lineItems;
Customer cust;
...
}
public class Customer {
String customerId;
...
Profile p;
...
}
public class Profile {
String profileId;
String username;
String password;
...
}
OrderController is the Spring controller class handling the request:
@Controller
public class OrderController {
...
@RequestMapping("/updateOrder")
public String updateOrder(Order order) {
...
session.save(order);
}
}
[FromBody] annotation is used.[FromBody] annotation is applied to a complex parameter of an action, then any other binding attributes such as [Bind] or [BindNever] applied to the type of the parameter or any of its fields are effectively ignored, which means that mitigation using binding annotations is impossible.[FromBody] annotation is applied to a parameter of an action, the model binder automatically tries to bind all parameters specified in the body of the request using an Input Formatter. By default, the binder uses the JSON Input Formatter to try and bind all possible parameters that come from the body of the request:
[HttpPost]
public ActionResult Create([FromBody] Product p)
{
return View(p.Name);
}
[Bind] or [BindNever] applied to the Product type that follows are ignored due to Input Formatters being used when the [FromBody] annotation is present.
public class Product
{
...
public string Name { get; set; }
public bool IsAdmin { get; set; }
...
}
null.Item property is null before calling the member function Equals(), potentially causing a null dereference.
string itemName = request.Item(ITEM_NAME);
if (itemName.Equals(IMPORTANT_ITEM)) {
...
}
...
null value."null.malloc().
buf = (char*) malloc(req_size);
strncpy(buf, xfer, req_size);
malloc() fail because req_size was too large or because there were too many requests being handled at the same time? Or was it caused by a memory leak that has built up over time? Without handling the error, there is no way to know.null.getParameter() is null before calling the member function compareTo(), potentially causing a null dereference.Example 2:. The following code shows a system property that is set to
String itemName = request.getParameter(ITEM_NAME);
if (itemName.compareTo(IMPORTANT_ITEM)) {
...
}
...
null and later dereferenced by a programmer who mistakenly assumes it will always be defined.
System.clearProperty("os.name");
...
String os = System.getProperty("os.name");
if (os.equalsIgnoreCase("Windows 95") )
System.out.println("Not supported");
null value."null.Object.equals(), Comparable.compareTo(), and Comparator.compare() must return a specified value if their parameters are null. Failing to follow this contract may result in unexpected behavior.equals() method does not compare its parameter with null.
public boolean equals(Object object)
{
return (toString().equals(object.toString()));
}
clone() method should call super.clone() to obtain the new object.clone() should obtain the new object by calling super.clone(). If a class fails to follow this convention, a subclass's clone() method will return an object of the wrong type.super.clone(). Because of the way Kibitzer implements clone(), FancyKibitzer's clone method will return an object of type Kibitzer instead of FancyKibitzer.
public class Kibitzer implements Cloneable {
public Object clone() throws CloneNotSupportedException {
Object returnMe = new Kibitzer();
...
}
}
public class FancyKibitzer extends Kibitzer
implements Cloneable {
public Object clone() throws CloneNotSupportedException {
Object returnMe = super.clone();
...
}
}
Equals() and GetHashCode().a.Equals(b) == true then a.GetHashCode() == b.GetHashCode().Equals() but not GetHashCode().
public class Halfway() {
public override boolean Equals(object obj) {
...
}
}
equals() and hashCode().a.equals(b) == true then a.hashCode() == b.hashCode().equals() but not hashCode().
public class halfway() {
public boolean equals(Object obj) {
...
}
}
saveState() and restoreState().saveState(javax.faces.context.FacesContext) and restoreState(javax.faces.context.FacesContext, java.lang.Object) or implement neither of them. Because these two methods have a tightly coupled relationship, it is not permissible to have the saveState(javax.faces.context.FacesContext) and restoreState(javax.faces.context.FacesContext, java.lang.Object) methods reside at different levels of the inheritance hierarchy.saveState() and not restoreState(), so it is always in error no matter what any class that extends
public class KibitzState implements StateHolder {
public Object saveState(FacesContext fc) {
...
}
}
checkCallingOrSelfPermission() or checkCallingOrSelfUriPermission() determine whether the calling program has the required permission to access a certain service or a given URI. However, these functions should be used with care as they can grant access to malicious applications, lacking the appropriate permissions, by assuming your applications permissions.Assert() with a specific permission it is a way to say that the current controlflow has the specified permission. This in turn leads to the .NET framework stopping any further permission checks as long as it satisfies the needed permissions, meaning that code that calls the code making the call to Assert() may not have the required permission. The use of Assert() is helpful in some cases, but can lead to vulnerabilities when this allows a malicious user to get control of a resource that they would not have permission to otherwise.
IPAddress hostIPAddress = IPAddress.Parse(RemoteIpAddress);
IPHostEntry hostInfo = Dns.GetHostByAddress(hostIPAddress);
if (hostInfo.HostName.EndsWith("trustme.com")) {
trusted = true;
}
getlogin() function is easy to spoof. Do not rely on the name it returns.getlogin() function is supposed to return a string containing the name of the user currently logged in at the terminal, but an attacker may cause getlogin() to return the name of any user logged in to the machine. Do not rely on the name returned by getlogin() when making security decisions.getlogin() to determine whether or not a user is trusted. It is easily subverted.
pwd = getpwnam(getlogin());
if (isTrustedGroup(pwd->pw_gid)) {
allow();
} else {
deny();
}
String ip = request.getRemoteAddr();
InetAddress addr = InetAddress.getByName(ip);
if (addr.getCanonicalHostName().endsWith("trustme.com")) {
trusted = true;
}
Boolean.getBoolean() is often confused with Boolean.valueOf() or Boolean.parseBoolean() method calls.Boolean.getBoolean() is often misused as it is assumed to return the boolean value represented by the specified string argument. However, as stated in the Javadoc Boolean.getBoolean(String) method "Returns true if and only if the system property named by the argument exists and is equal to the string 'true'."Boolean.valueOf(String) or Boolean.parseBoolean(String) method.Boolean.getBoolean(String) does not translate a String primitive. It only translates system property.
...
String isValid = "true";
if ( Boolean.getBoolean(isValid) ) {
System.out.println("TRUE");
}
else {
System.out.println("FALSE");
}
...