X-Content-Type-Options: nosniff
.X-Content-Type-Options
to nosniff
.X-Content-Type-Options: nosniff
for each page that could contain user-controllable content.net.http.DetectContentType()
to determine the response Content-Type:
...
resp, err := http.Get("http://example.com/")
if err != nil {
// handle error
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
content_type := DetectContentType(body)
...
X-Content-Type-Options
to nosniff
or explicitly disables this security header.X-Content-Type-Options: nosniff
.
<http auto-config="true">
...
<headers>
...
<content-type-options disabled="true"/>
</headers>
</http>
X-Content-Type-Options
to nosniff
or explicitly disables this security header.X-Content-Type-Options: nosniff
.X-Content-Type-Options
to nosniff
or explicitly disables this security header.X-Content-Type-Options: nosniff
.CL_ABAP_RANDOM
class or its variants) is seeded with a specific constant value, the values returned by GET_NEXT
, INT
and similar methods which return or assign values are predictable for an attacker that can collect a number of PRNG outputs.random_gen2
are predictable from the object random_gen1
.
DATA: random_gen1 TYPE REF TO cl_abap_random,
random_gen2 TYPE REF TO cl_abap_random,
var1 TYPE i,
var2 TYPE i.
random_gen1 = cl_abap_random=>create( seed = '1234' ).
DO 10 TIMES.
CALL METHOD random_gen1->int
RECEIVING
value = var1.
WRITE:/ var1.
ENDDO.
random_gen2 = cl_abap_random=>create( seed = '1234' ).
DO 10 TIMES.
CALL METHOD random_gen2->int
RECEIVING
value = var2.
WRITE:/ var2.
ENDDO.
random_gen1
and random_gen2
were identically seeded, so var1 = var2
rand()
) is seeded with a specific value (using a function like srand(unsigned int)
), the values returned by rand()
and similar methods which return or assign values are predictable for an attacker that can collect a number of PRNG outputs.
srand(2223333);
float randomNum = (rand() % 100);
syslog(LOG_INFO, "Random: %1.2f", randomNum);
randomNum = (rand() % 100);
syslog(LOG_INFO, "Random: %1.2f", randomNum);
srand(2223333);
float randomNum2 = (rand() % 100);
syslog(LOG_INFO, "Random: %1.2f", randomNum2);
randomNum2 = (rand() % 100);
syslog(LOG_INFO, "Random: %1.2f", randomNum2);
srand(1231234);
float randomNum3 = (rand() % 100);
syslog(LOG_INFO, "Random: %1.2f", randomNum3);
randomNum3 = (rand() % 100);
syslog(LOG_INFO, "Random: %1.2f", randomNum3);
randomNum1
and randomNum2
were identically seeded, so each call to rand()
after the call which seeds the pseudorandom number generator srand(2223333)
, will result in the same outputs in the same calling order. For example, the output might resemble the following:
Random: 32.00
Random: 73.00
Random: 32.00
Random: 73.00
Random: 15.00
Random: 75.00
math.Rand.New(Source)
), the values returned by math.Rand.Int()
and similar methods which return or assign values are predictable for an attacker that can collect a number of PRNG outputs.
randomGen := rand.New(rand.NewSource(12345))
randomInt1 := randomGen.nextInt()
randomGen.Seed(12345)
randomInt2 := randomGen.nextInt()
nextInt()
after the call that seeded the pseudorandom number generator (randomGen.Seed(12345)
), results in the same outputs and in the same order.Random
) is seeded with a specific value (using a function such as Random.setSeed()
), the values returned by Random.nextInt()
and similar methods which return or assign values are predictable for an attacker that can collect a number of PRNG outputs.Random
object randomGen2
are predictable from the Random
object randomGen1
.
Random randomGen1 = new Random();
randomGen1.setSeed(12345);
int randomInt1 = randomGen1.nextInt();
byte[] bytes1 = new byte[4];
randomGen1.nextBytes(bytes1);
Random randomGen2 = new Random();
randomGen2.setSeed(12345);
int randomInt2 = randomGen2.nextInt();
byte[] bytes2 = new byte[4];
randomGen2.nextBytes(bytes2);
randomGen1
and randomGen2
were identically seeded, so randomInt1 == randomInt2
, and corresponding values of arrays bytes1[]
and bytes2[]
are equal.Random
) is seeded with a specific value (using function such as Random(Int)
), the values returned by Random.nextInt()
and similar methods which return or assign values are predictable for an attacker that can collect a number of PRNG outputs.Random
object randomGen2
are predictable from the Random
object randomGen1
.
val randomGen1 = Random(12345)
val randomInt1 = randomGen1.nextInt()
val byteArray1 = ByteArray(4)
randomGen1.nextBytes(byteArray1)
val randomGen2 = Random(12345)
val randomInt2 = randomGen2.nextInt()
val byteArray2 = ByteArray(4)
randomGen2.nextBytes(byteArray2)
randomGen1
and randomGen2
were identically seeded, so randomInt1 == randomInt2
, and corresponding values of arrays byteArray1
and byteArray2
are equal.
...
import random
random.seed(123456)
print "Random: %d" % random.randint(1,100)
print "Random: %d" % random.randint(1,100)
print "Random: %d" % random.randint(1,100)
random.seed(123456)
print "Random: %d" % random.randint(1,100)
print "Random: %d" % random.randint(1,100)
print "Random: %d" % random.randint(1,100)
...
randint()
after the call that seeded the pseudorandom number generator (random.seed(123456)
), will result in the same outputs in the same output in the same order. For example, the output might resemble the following:
Random: 81
Random: 80
Random: 3
Random: 81
Random: 80
Random: 3
Random
) is seeded with a specific value (using a function like Random.setSeed()
), the values returned by Random.nextInt()
and similar methods which return or assign values are predictable for an attacker that can collect a number of PRNG outputs.Random
object randomGen2
are predictable from the Random
object randomGen1
.
val randomGen1 = new Random()
randomGen1.setSeed(12345)
val randomInt1 = randomGen1.nextInt()
val bytes1 = new byte[4]
randomGen1.nextBytes(bytes1)
val randomGen2 = new Random()
randomGen2.setSeed(12345)
val randomInt2 = randomGen2.nextInt()
val bytes2 = new byte[4]
randomGen2.nextBytes(bytes2)
randomGen1
and randomGen2
were identically seeded, so randomInt1 == randomInt2
, and corresponding values of arrays bytes1[]
and bytes2[]
are equal.CL_ABAP_RANDOM
(or its variants) should not be initialized with a tainted argument. Doing so allows an attacker to control the value used to seed the pseudorandom number generator, and therefore predict the sequence of values produced by calls to methods including but not limited to: GET_NEXT
, INT
, FLOAT
, PACKED
.rand()
), which are passed a seed (such as srand()
); should not be called with a tainted argument. Doing so allows an attacker to control the value used to seed the pseudorandom number generator, and therefore predict the sequence of values (usually integers) produced by calls to the pseudorandom number generator.ed25519.NewKeyFromSeed()
, should not be called with a tainted argument. Doing so allows an attacker to control the value used to seed the pseudorandom number generator, and then can predict the sequence of values produced by calls to the pseudorandom number generator.Random.setSeed()
should not be called with a tainted integer argument. Doing so allows an attacker to control the value used to seed the pseudorandom number generator, and therefore predict the sequence of values (usually integers) produced by calls to Random.nextInt()
, Random.nextShort()
, Random.nextLong()
, or returned by Random.nextBoolean()
, or set in Random.nextBytes(byte[])
.Random.setSeed()
should not be called with a tainted integer argument. Doing so allows an attacker to control the value used to seed the pseudorandom number generator, and therefore predict the sequence of values (usually integers) produced by calls to Random.nextInt()
, Random.nextLong()
, Random.nextDouble()
, or returned by Random.nextBoolean()
, or set in Random.nextBytes(ByteArray)
.random.randint()
); should not be called with a tainted argument. Doing so allows an attacker to control the value used to seed the pseudorandom number generator, and hence be able to predict the sequence of values (usually integers) produced by calls to the pseudorandom number generator.Random.setSeed()
should not be called with a tainted integer argument. Doing so allows an attacker to control the value used to seed the pseudorandom number generator, and therefore predict the sequence of values (usually integers) produced by calls to Random.nextInt()
, Random.nextShort()
, Random.nextLong()
, or returned by Random.nextBoolean()
, or set in Random.nextBytes(byte[])
.MAX_PATH
bytes in length, but you should check the documentation for each function individually. If the buffer is not large enough to store the result of the manipulation, a buffer overflow can occur.
char *createOutputDirectory(char *name) {
char outputDirectoryName[128];
if (getCurrentDirectory(128, outputDirectoryName) == 0) {
return null;
}
if (!PathAppend(outputDirectoryName, "output")) {
return null;
}
if (!PathAppend(outputDirectoryName, name)) {
return null;
}
if (SHCreateDirectoryEx(NULL, outputDirectoryName, NULL)
!= ERROR_SUCCESS) {
return null;
}
return StrDup(outputDirectoryName);
}
output\<name>
" in the current directory and returns a heap-allocated copy of its name. For most values of the current directory and the name parameter, this function will work properly. However, if the name
parameter is particularly long, then the second call to PathAppend()
could overflow the outputDirectoryName
buffer, which is smaller than MAX_PATH
bytes.umask()
is often confused with the argument to chmod()
.umask()
man page begins with the false statement:chmod()
, where the user provided argument specifies the bits to enable on the specified file, the behavior of umask()
is in fact opposite: umask()
sets the umask to ~mask & 0777
.umask()
man page goes on to describe the correct usage of umask()
:open()
to set initial file permissions on a newly-created file. Specifically, permissions in the umask are turned off from the mode argument to open(2)
(so, for example, the common umask default value of 022 results in new files being created with permissions 0666 & ~022 = 0644 = rw-r--r-- in the usual case where the mode is specified as 0666)."
...
struct stat output;
int ret = stat(aFilePath, &output);
// error handling omitted for this example
struct timespec accessTime = output.st_atime;
...
umask()
is often confused with the argument to chmod()
.umask()
man page begins with the false statement:chmod()
, where the user provided argument specifies the bits to enable on the specified file, the behavior of umask()
is in fact opposite: umask()
sets the umask to ~mask & 0777
.umask()
man page goes on to describe the correct usage of umask()
:transactionId
to a temporary file in the application Documents directory using a vulnerable method:
...
//get the documents directory:
let documentsPath = NSSearchPathForDirectoriesInDomains(.DocumentDirectory, .UserDomainMask, true)[0]
//make a file name to write the data to using the documents directory:
let fileName = NSString(format:"%@/tmp_activeTrans.txt", documentsPath)
// write data to the file
let transactionId = "TransactionId=12341234"
transactionId.writeToFile(fileName, atomically:true)
...
doExchange()
.
try {
doExchange();
}
catch (RareException e) {
// this can never happen
}
RareException
were to ever be thrown, the program would continue to execute as though nothing unusual had occurred. The program records no evidence indicating the special situation, potentially frustrating any later attempt to explain the program's behavior.DoExchange()
.
try {
DoExchange();
}
catch (RareException e) {
// this can never happen
}
RareException
were to ever be thrown, the program would continue to execute as though nothing unusual had occurred. The program records no evidence indicating the special situation, potentially frustrating any later attempt to explain the program's behavior.doExchange()
.
try {
doExchange();
}
catch (RareException e) {
// this can never happen
}
RareException
were to ever be thrown, the program would continue to execute as though nothing unusual had occurred. The program records no evidence indicating the special situation, potentially frustrating any later attempt to explain the program's behavior.doExchange()
.
try {
doExchange();
}
catch (exception $e) {
// this can never happen
}
RareException
were to ever be thrown, the program would continue to execute as though nothing unusual had occurred. The program records no evidence indicating the special situation, potentially frustrating any later attempt to explain the program's behavior.open()
.
try:
f = open('myfile.txt')
s = f.readline()
i = int(s.strip())
except:
# This will never happen
pass
RareException
were to ever be thrown, the program would continue to execute as though nothing unusual had occurred. The program records no evidence indicating the special situation, potentially frustrating any later attempt to explain the program's behavior.
...
var file:File = new File(directoryName + "\\" + fileName);
...
...
FileStream f = File.Create(directoryName + "\\" + fileName);
...
...
File file = new File(directoryName + "\\" + fileName);
...
...
os.open(directoryName + "\\" + fileName);
...
...
private static final String salt = "";
...
PBEKeySpec pbeSpec=new PBEKeySpec(password);
SecretKeyFactory keyFact=SecretKeyFactory.getInstance(CIPHER_ALG);
PBEParameterSpec defParams=new PBEParameterSpec(salt,100000);
Cipher cipher=Cipher.getInstance(CIPHER_ALG);
cipher.init(cipherMode,keyFact.generateSecret(pbeSpec),defParams);
...
...
CCKeyDerivationPBKDF(kCCPBKDF2,
password,
passwordLen,
"",
0,
kCCPRFHmacAlgSHA256,
100000,
derivedKey,
derivedKeyLen);
...
...
$hash = hash_pbkdf2('sha256', $password, '', 100000);
...
from hashlib import pbkdf2_hmac
...
dk = pbkdf2_hmac('sha256', password, '', 100000)
...
...
dk = OpenSSL::PKCS5.pbkdf2_hmac(password, "", 100000, 256, digest)
...
...
let ITERATION = UInt32(100000)
...
CCKeyDerivationPBKDF(CCPBKDFAlgorithm(kCCPBKDF2),
password,
passwordLength,
"",
0,
CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256),
ITERATION,
derivedKey,
derivedKeyLength)