界: Code Quality
程式碼品質不佳,會導致無法預料的行為。從使用者的角度來看,這通常表現為可用性不佳。對於攻擊者而言,這提供了以意想不到的方式向系統施加壓力的機會。
Null Dereference
Abstract
程式可能會解除參照 Null 指標,因此造成
NullException。Explanation
Null 指標錯誤通常是由於一個或者多個程式設計人員的假設被破解而造成的。
大部分的 Null 指標問題都會導致一般軟體可靠性問題,但是如果攻擊者蓄意觸發 Null 指標解除參照的話,攻擊者就可能會使用引發的異常來略過安全性邏輯,或是使應用程式洩漏出除錯資訊,這些資訊對於計畫後續攻擊很有價值。
範例 1:在以下程式碼中,程式設計人員假設系統永遠會定義一個名為「
大部分的 Null 指標問題都會導致一般軟體可靠性問題,但是如果攻擊者蓄意觸發 Null 指標解除參照的話,攻擊者就可能會使用引發的異常來略過安全性邏輯,或是使應用程式洩漏出除錯資訊,這些資訊對於計畫後續攻擊很有價值。
範例 1:在以下程式碼中,程式設計人員假設系統永遠會定義一個名為「
cmd」的屬性。如果攻擊者可以控制程式環境,使「cmd」變成未定義狀態,那麼程式會在嘗試呼叫 Trim() 方法時拋出一個 Null 指標異常。
string cmd = null;
...
cmd = Environment.GetEnvironmentVariable("cmd");
cmd = cmd.Trim();
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 476
[2] Standards Mapping - Common Weakness Enumeration Top 25 2019 [14] CWE ID 476
[3] Standards Mapping - Common Weakness Enumeration Top 25 2020 [13] CWE ID 476
[4] Standards Mapping - Common Weakness Enumeration Top 25 2021 [15] CWE ID 476
[5] Standards Mapping - Common Weakness Enumeration Top 25 2022 [11] CWE ID 476
[6] Standards Mapping - Common Weakness Enumeration Top 25 2023 [12] CWE ID 476
[7] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001094
[8] Standards Mapping - General Data Protection Regulation (GDPR) Indirect Access to Sensitive Data
[9] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2012 Rule 1.3
[10] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-5 Denial of Service Protection (P1)
[11] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-5 Denial of Service Protection
[12] Standards Mapping - OWASP API 2023 API1 Broken Object Level Authorization
[13] Standards Mapping - OWASP Application Security Verification Standard 4.0 11.1.7 Business Logic Security Requirements (L2 L3)
[14] Standards Mapping - OWASP Top 10 2004 A9 Application Denial of Service
[15] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.9
[16] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.5
[17] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.5
[18] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.5
[19] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.5
[20] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[21] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 3.6 - Sensitive Data Retention
[22] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 3.6 - Sensitive Data Retention
[23] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 3.6 - Sensitive Data Retention
[24] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP6080 CAT II
[25] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP6080 CAT II
[26] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP6080 CAT II
[27] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP6080 CAT II
[28] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP6080 CAT II
[29] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP6080 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP6080 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002400 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002400 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002400 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002400 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002400 CAT II
[36] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002400 CAT II
[37] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002400 CAT II
[38] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002400 CAT II
[39] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002400 CAT II
[40] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002400 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002400 CAT II
[42] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002400 CAT II
[43] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002400 CAT II
[44] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002400 CAT II
[45] Standards Mapping - Web Application Security Consortium Version 2.00 Denial of Service (WASC-10)
[46] Standards Mapping - Web Application Security Consortium 24 + 2 Denial of Service
desc.controlflow.dotnet.null_dereference
Abstract
程式可能解除參照一個 Null 指標,造成分段錯誤。
Explanation
Null 指標異常通常是由於一個或者多個程式設計師的假設遭到破解而造成的。此問題至少有三項特點:解除參照之後檢查、檢查後解除參照及儲存後解除參照。當程式在檢查指標是否為
大部分的 Null 指標問題都會導致一般軟體可靠性問題,但是如果攻擊者蓄意觸發 Null 指標解除參照的話,攻擊者就可能會使用引發的異常來略過安全性邏輯以掛載 Denial of Service 攻擊,或是使應用程式洩漏出除錯資訊,這些資訊對於計畫後續攻擊很有價值。
範例 1:在以下程式碼中,程式設計師假設變數
null 之前先解除參照可能為 null 的指標,將會造成「解除參照之後檢查」的錯誤。當程式執行明確的 null 檢查,但仍繼續解除參照已知為 null 的指標時,將會造成「檢查後解除參照」的錯誤。這種類型的錯誤通常是打字錯誤或程式設計師的疏忽所造成。當程式明確的將某指標設定為 null,卻在之後解除參考該指標,則會發生儲存後解除參照錯誤。這種錯誤通常是由於程式設計師在宣告變數時將變數初始化為 null 所致。大部分的 Null 指標問題都會導致一般軟體可靠性問題,但是如果攻擊者蓄意觸發 Null 指標解除參照的話,攻擊者就可能會使用引發的異常來略過安全性邏輯以掛載 Denial of Service 攻擊,或是使應用程式洩漏出除錯資訊,這些資訊對於計畫後續攻擊很有價值。
範例 1:在以下程式碼中,程式設計師假設變數
ptr 不是 NULL。當程式設計師取消參照指標時,這個假設就變得清楚。當程式設計師檢查 ptr 為 NULL 時,這個假設其實就出現其矛盾之處。若在 if 指令中檢查 ptr 時,其可為 NULL,則解除參照時也可為 NULL,並產生分段錯誤。範例 2:在以下程式碼中,程式設計師確定變數
ptr->field = val;
...
if (ptr != NULL) {
...
}
ptr 是 NULL,並在之後以錯誤的方式解除參照。若在 if 陳述式中檢查 ptr 時,其非 NULL,就會發生 null 解除參照,從而導致分段錯誤。範例 3:在以下程式碼中,程式設計師忘記了字串
if (ptr == null) {
ptr->field = val;
...
}
'\0' 實際上是 0 還是 NULL,因此解除參照 Null 指標,並導致分段錯誤。範例 4:在以下程式碼中,程式設計師明確地將變數
if (ptr == '\0') {
*ptr = val;
...
}
ptr 設定為 NULL。之後,程式設計師先解除參照 ptr,再檢查物件是否為 null 值。
*ptr = NULL;
...
ptr->field = val;
...
}
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 476
[2] Standards Mapping - Common Weakness Enumeration Top 25 2019 [14] CWE ID 476
[3] Standards Mapping - Common Weakness Enumeration Top 25 2020 [13] CWE ID 476
[4] Standards Mapping - Common Weakness Enumeration Top 25 2021 [15] CWE ID 476
[5] Standards Mapping - Common Weakness Enumeration Top 25 2022 [11] CWE ID 476
[6] Standards Mapping - Common Weakness Enumeration Top 25 2023 [12] CWE ID 476
[7] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001094
[8] Standards Mapping - General Data Protection Regulation (GDPR) Indirect Access to Sensitive Data
[9] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2012 Rule 1.3
[10] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-5 Denial of Service Protection (P1)
[11] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-5 Denial of Service Protection
[12] Standards Mapping - OWASP API 2023 API1 Broken Object Level Authorization
[13] Standards Mapping - OWASP Application Security Verification Standard 4.0 11.1.7 Business Logic Security Requirements (L2 L3)
[14] Standards Mapping - OWASP Top 10 2004 A9 Application Denial of Service
[15] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.9
[16] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.5
[17] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.5
[18] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.5
[19] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.5
[20] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[21] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 3.6 - Sensitive Data Retention
[22] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 3.6 - Sensitive Data Retention
[23] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 3.6 - Sensitive Data Retention
[24] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP6080 CAT II
[25] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP6080 CAT II
[26] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP6080 CAT II
[27] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP6080 CAT II
[28] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP6080 CAT II
[29] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP6080 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP6080 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002400 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002400 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002400 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002400 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002400 CAT II
[36] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002400 CAT II
[37] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002400 CAT II
[38] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002400 CAT II
[39] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002400 CAT II
[40] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002400 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002400 CAT II
[42] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002400 CAT II
[43] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002400 CAT II
[44] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002400 CAT II
[45] Standards Mapping - Web Application Security Consortium Version 2.00 Denial of Service (WASC-10)
[46] Standards Mapping - Web Application Security Consortium 24 + 2 Denial of Service
desc.controlflow.cpp.null_dereference
Abstract
程式可能會解除參照 Null 指標,因此造成
NullPointerException。Explanation
Null 指標錯誤通常是由於一個或者多個程式設計人員的假設被破解而造成的。
大部分的 Null 指標問題都會導致一般軟體可靠性問題,但是如果攻擊者蓄意觸發 Null 指標解除參照的話,攻擊者就可能會使用引發的異常來略過安全性邏輯,或是使應用程式洩漏出除錯資訊,這些資訊對於計畫後續攻擊很有價值。
範例:在以下程式碼中,程式設計人員假設系統永遠會定義一個名為「
大部分的 Null 指標問題都會導致一般軟體可靠性問題,但是如果攻擊者蓄意觸發 Null 指標解除參照的話,攻擊者就可能會使用引發的異常來略過安全性邏輯,或是使應用程式洩漏出除錯資訊,這些資訊對於計畫後續攻擊很有價值。
範例:在以下程式碼中,程式設計人員假設系統永遠會定義一個名為「
cmd」的屬性。如果攻擊者可以控制程式環境,使「cmd」變成未定義狀態,那麼程式會在嘗試呼叫 trim() 方法時拋出一個 Null 指標異常。
String val = null;
...
cmd = System.getProperty("cmd");
if (cmd)
val = util.translateCommand(cmd);
...
cmd = val.trim();
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 476
[2] Standards Mapping - Common Weakness Enumeration Top 25 2019 [14] CWE ID 476
[3] Standards Mapping - Common Weakness Enumeration Top 25 2020 [13] CWE ID 476
[4] Standards Mapping - Common Weakness Enumeration Top 25 2021 [15] CWE ID 476
[5] Standards Mapping - Common Weakness Enumeration Top 25 2022 [11] CWE ID 476
[6] Standards Mapping - Common Weakness Enumeration Top 25 2023 [12] CWE ID 476
[7] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001094
[8] Standards Mapping - General Data Protection Regulation (GDPR) Indirect Access to Sensitive Data
[9] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2012 Rule 1.3
[10] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-5 Denial of Service Protection (P1)
[11] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-5 Denial of Service Protection
[12] Standards Mapping - OWASP API 2023 API1 Broken Object Level Authorization
[13] Standards Mapping - OWASP Application Security Verification Standard 4.0 11.1.7 Business Logic Security Requirements (L2 L3)
[14] Standards Mapping - OWASP Top 10 2004 A9 Application Denial of Service
[15] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.9
[16] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.5
[17] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.5
[18] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.5
[19] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.5
[20] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[21] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 3.6 - Sensitive Data Retention
[22] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 3.6 - Sensitive Data Retention
[23] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 3.6 - Sensitive Data Retention
[24] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP6080 CAT II
[25] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP6080 CAT II
[26] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP6080 CAT II
[27] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP6080 CAT II
[28] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP6080 CAT II
[29] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP6080 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP6080 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002400 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002400 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002400 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002400 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002400 CAT II
[36] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002400 CAT II
[37] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002400 CAT II
[38] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002400 CAT II
[39] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002400 CAT II
[40] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002400 CAT II
[41] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002400 CAT II
[42] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002400 CAT II
[43] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002400 CAT II
[44] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002400 CAT II
[45] Standards Mapping - Web Application Security Consortium Version 2.00 Denial of Service (WASC-10)
[46] Standards Mapping - Web Application Security Consortium 24 + 2 Denial of Service
desc.controlflow.java.null_dereference