界: Code Quality
代码质量不佳会导致不可预测的行为。对于用户来说,通常表现为可用性差。对于攻击者来说,提供了以意外方式对系统施加压力的机会。
Uninitialized Variable
Abstract
程序可能会在初始化之前使用一个变量。
Explanation
在 .Net 中,会将静态变量初始化为默认值,但是如果未进行初始化就直接使用这些变量,可能会导致基于业务逻辑的问题,或者可能被用于执行拒绝服务 (DoS) 攻击。程序应该永不使用变量的默认值。
对于程序员来说,他们通常会使用代码中 uninitialized variable 来处理错误或是一些特殊和异常的情况。uninitialized variable 警告有时能够指出代码中存在的排字错误。
示例 1:下面的代码将由 .Net 编译器在不出现任何错误的情况下进行编译。但是,下面的语句
多数 Uninitialized Variable 问题都是由软件的可靠性造成的,但如果攻击者能够故意触发 Uninitialized Variable 的使用,那么他们就能通过引发程序崩溃来发动 Denial of Service 攻击。
对于程序员来说,他们通常会使用代码中 uninitialized variable 来处理错误或是一些特殊和异常的情况。uninitialized variable 警告有时能够指出代码中存在的排字错误。
示例 1:下面的代码将由 .Net 编译器在不出现任何错误的情况下进行编译。但是,下面的语句
int a = (Int32)i + (Int32)j; 会抛出未处理的异常,并造成应用程序在运行时崩溃。
class Program
{
static int? i = j;
static int? j;
static void Main(string[] args)
{
j = 100;
int a = (Int32)i + (Int32)j;
Console.WriteLine(i);
Console.WriteLine(j);
Console.WriteLine(a);
}
}
多数 Uninitialized Variable 问题都是由软件的可靠性造成的,但如果攻击者能够故意触发 Uninitialized Variable 的使用,那么他们就能通过引发程序崩溃来发动 Denial of Service 攻击。
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 457, CWE ID 824
[2] Standards Mapping - Common Weakness Enumeration Top 25 2024 [12] CWE ID 020, [20] CWE ID 119
[3] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001094
[4] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2012 Rule 9.1
[5] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 9.1
[6] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2008 Rule 8-5-1
[7] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2023 Rule 11.6.2
[8] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-5 Denial of Service Protection (P1)
[9] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-5 Denial of Service Protection
[10] Standards Mapping - OWASP Top 10 2004 A9 Application Denial of Service
[11] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.9
[12] Standards Mapping - SANS Top 25 2009 Risky Resource Management - CWE ID 665
[13] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP6080 CAT II
[14] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP6080 CAT II
[15] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP6080 CAT II
[16] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP6080 CAT II
[17] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP6080 CAT II
[18] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP6080 CAT II
[19] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP6080 CAT II
[20] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002400 CAT II
[21] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002400 CAT II
[22] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002400 CAT II
[23] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002400 CAT II
[24] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002400 CAT II
[25] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002400 CAT II
[26] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002400 CAT II
[27] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002400 CAT II
[28] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002400 CAT II
[29] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002400 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002400 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002400 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002400 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002400 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002400 CAT II
[35] Standards Mapping - Smart Contract Weakness Classification SWC-109
[36] Standards Mapping - Web Application Security Consortium Version 2.00 Denial of Service (WASC-10)
[37] Standards Mapping - Web Application Security Consortium 24 + 2 Denial of Service
desc.structural.dotnet.uninitialized_variable
Abstract
程序可能会在初始化之前使用变量。
Explanation
默认情况下,C 语言和 C++ 语言中的堆栈变量是未经初始化的。它们的初始值取决于调用函数时,它们所在的栈发生了什么情况。程序应该永不使用 uninitialized variable。
对于程序员来说,他们通常会使用代码中 uninitialized variable 来处理错误或是一些特殊和异常的情况。uninitialized variable 警告有时能够指出代码中存在的排字错误。
示例 1:以下 Switch 语句旨在设置变量
大多数未初始化的变量会导致一般的软件可靠性问题,但如果攻击者故意触发未初始化变量的使用,他们可能会通过使程序崩溃来发起 Denial of Service 攻击。在适当的情况下,攻击者可能会通过影响函数调用之前堆栈上的值来控制未初始化变量的值。
对于程序员来说,他们通常会使用代码中 uninitialized variable 来处理错误或是一些特殊和异常的情况。uninitialized variable 警告有时能够指出代码中存在的排字错误。
示例 1:以下 Switch 语句旨在设置变量
aN 和 bN 的值,但在默认情况下,程序员意外地设置了两次 aN 的值。
switch (ctl) {
case -1:
aN = 0; bN = 0;
break;
case 0:
aN = i; bN = -i;
break;
case 1:
aN = i + NEXT_SZ; bN = i - NEXT_SZ;
break;
default:
aN = -1; aN = -1;
break;
}
大多数未初始化的变量会导致一般的软件可靠性问题,但如果攻击者故意触发未初始化变量的使用,他们可能会通过使程序崩溃来发起 Denial of Service 攻击。在适当的情况下,攻击者可能会通过影响函数调用之前堆栈上的值来控制未初始化变量的值。
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 457, CWE ID 824
[2] Standards Mapping - Common Weakness Enumeration Top 25 2024 [12] CWE ID 020, [20] CWE ID 119
[3] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001094
[4] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2012 Rule 9.1
[5] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 9.1
[6] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2008 Rule 8-5-1
[7] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2023 Rule 11.6.2
[8] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-5 Denial of Service Protection (P1)
[9] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-5 Denial of Service Protection
[10] Standards Mapping - OWASP Top 10 2004 A9 Application Denial of Service
[11] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.9
[12] Standards Mapping - SANS Top 25 2009 Risky Resource Management - CWE ID 665
[13] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP6080 CAT II
[14] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP6080 CAT II
[15] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP6080 CAT II
[16] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP6080 CAT II
[17] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP6080 CAT II
[18] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP6080 CAT II
[19] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP6080 CAT II
[20] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002400 CAT II
[21] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002400 CAT II
[22] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002400 CAT II
[23] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002400 CAT II
[24] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002400 CAT II
[25] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002400 CAT II
[26] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002400 CAT II
[27] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002400 CAT II
[28] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002400 CAT II
[29] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002400 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002400 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002400 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002400 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002400 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002400 CAT II
[35] Standards Mapping - Smart Contract Weakness Classification SWC-109
[36] Standards Mapping - Web Application Security Consortium Version 2.00 Denial of Service (WASC-10)
[37] Standards Mapping - Web Application Security Consortium 24 + 2 Denial of Service
desc.controlflow.cpp.uninitialized_variable