界: Code Quality
程式碼品質不佳,會導致無法預料的行為。從使用者的角度來看,這通常表現為可用性不佳。對於攻擊者而言,這提供了以意想不到的方式向系統施加壓力的機會。
Uninitialized Variable
Abstract
程式能夠在變數被初始化之前使用它。
Explanation
在 .Net 中,會將靜態變數初始化為預設值,但是如果未進行初始化就直接使用那些變數,將可能導致以業務邏輯為主的問題,或者可能被用於執行阻斷服務 (DoS) 攻擊。程式永遠不會使用變數的預設值。
對於程式設計師來說,通常不會使用在程式碼中 Uninitialized Variable 來處理錯誤或是處理一些特殊的情況。對 Uninitialized Variable 提出的警告有時能夠指出程式碼中的打字錯誤。
範例 1:下列程式碼將由 .Net 編譯器在不會發生任何錯誤的情況下進行編譯。不過,下列陳述式
多數 Uninitialized Variable 問題都是由軟體可靠性造成的,但是如果攻擊者能夠使 Uninitialized Variable 被使用,就能發動 Denial of Service 攻擊。
對於程式設計師來說,通常不會使用在程式碼中 Uninitialized Variable 來處理錯誤或是處理一些特殊的情況。對 Uninitialized Variable 提出的警告有時能夠指出程式碼中的打字錯誤。
範例 1:下列程式碼將由 .Net 編譯器在不會發生任何錯誤的情況下進行編譯。不過,下列陳述式
int a = (Int32)i + (Int32)j; 會拋出無法處理的異常,並使應用程式在執行階段當機。
class Program
{
static int? i = j;
static int? j;
static void Main(string[] args)
{
j = 100;
int a = (Int32)i + (Int32)j;
Console.WriteLine(i);
Console.WriteLine(j);
Console.WriteLine(a);
}
}
多數 Uninitialized Variable 問題都是由軟體可靠性造成的,但是如果攻擊者能夠使 Uninitialized Variable 被使用,就能發動 Denial of Service 攻擊。
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 457, CWE ID 824
[2] Standards Mapping - Common Weakness Enumeration Top 25 2024 [12] CWE ID 020, [20] CWE ID 119
[3] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001094
[4] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2012 Rule 9.1
[5] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 9.1
[6] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2008 Rule 8-5-1
[7] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2023 Rule 11.6.2
[8] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-5 Denial of Service Protection (P1)
[9] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-5 Denial of Service Protection
[10] Standards Mapping - OWASP Top 10 2004 A9 Application Denial of Service
[11] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.9
[12] Standards Mapping - SANS Top 25 2009 Risky Resource Management - CWE ID 665
[13] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP6080 CAT II
[14] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP6080 CAT II
[15] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP6080 CAT II
[16] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP6080 CAT II
[17] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP6080 CAT II
[18] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP6080 CAT II
[19] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP6080 CAT II
[20] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002400 CAT II
[21] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002400 CAT II
[22] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002400 CAT II
[23] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002400 CAT II
[24] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002400 CAT II
[25] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002400 CAT II
[26] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002400 CAT II
[27] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002400 CAT II
[28] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002400 CAT II
[29] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002400 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002400 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002400 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002400 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002400 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002400 CAT II
[35] Standards Mapping - Smart Contract Weakness Classification SWC-109
[36] Standards Mapping - Web Application Security Consortium Version 2.00 Denial of Service (WASC-10)
[37] Standards Mapping - Web Application Security Consortium 24 + 2 Denial of Service
desc.structural.dotnet.uninitialized_variable
Abstract
程式可能會在初始化之前使用變數。
Explanation
根據預設,C 和 C++ 中的堆疊變數不會被初始化。它們的初始值取決於當函數被呼叫時,其在堆疊中發生的情況而定。程式永遠不會使用 Uninitialized Variable 的值。
對於程式設計師來說,通常不會使用在程式碼中 Uninitialized Variable 來處理錯誤或是處理一些特殊的情況。對 Uninitialized Variable 提出的警告有時能夠指出程式碼中的打字錯誤。
範例 1:以下 switch 陳述式企圖為變數
大部分的 Uninitialized Variable 都會導致一般軟體可靠性問題,但是如果攻擊者蓄意觸發使用 Uninitialized Variable,就能夠透過使程式當機的方式發動 Denial of Service 攻擊。在適當的情況下,攻擊者可以藉由在呼叫函數之前影響堆疊中的數值來控制 Uninitialized Variable 的值。
對於程式設計師來說,通常不會使用在程式碼中 Uninitialized Variable 來處理錯誤或是處理一些特殊的情況。對 Uninitialized Variable 提出的警告有時能夠指出程式碼中的打字錯誤。
範例 1:以下 switch 陳述式企圖為變數
aN 和 bN 設定值,但是在預設案例中,程式設計師不小心將 aN 的值設定了兩次。
switch (ctl) {
case -1:
aN = 0; bN = 0;
break;
case 0:
aN = i; bN = -i;
break;
case 1:
aN = i + NEXT_SZ; bN = i - NEXT_SZ;
break;
default:
aN = -1; aN = -1;
break;
}
大部分的 Uninitialized Variable 都會導致一般軟體可靠性問題,但是如果攻擊者蓄意觸發使用 Uninitialized Variable,就能夠透過使程式當機的方式發動 Denial of Service 攻擊。在適當的情況下,攻擊者可以藉由在呼叫函數之前影響堆疊中的數值來控制 Uninitialized Variable 的值。
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 457, CWE ID 824
[2] Standards Mapping - Common Weakness Enumeration Top 25 2024 [12] CWE ID 020, [20] CWE ID 119
[3] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001094
[4] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2012 Rule 9.1
[5] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 9.1
[6] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2008 Rule 8-5-1
[7] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2023 Rule 11.6.2
[8] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-5 Denial of Service Protection (P1)
[9] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-5 Denial of Service Protection
[10] Standards Mapping - OWASP Top 10 2004 A9 Application Denial of Service
[11] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.9
[12] Standards Mapping - SANS Top 25 2009 Risky Resource Management - CWE ID 665
[13] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP6080 CAT II
[14] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP6080 CAT II
[15] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP6080 CAT II
[16] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP6080 CAT II
[17] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP6080 CAT II
[18] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP6080 CAT II
[19] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP6080 CAT II
[20] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002400 CAT II
[21] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002400 CAT II
[22] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002400 CAT II
[23] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002400 CAT II
[24] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002400 CAT II
[25] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002400 CAT II
[26] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002400 CAT II
[27] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002400 CAT II
[28] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002400 CAT II
[29] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002400 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002400 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002400 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002400 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002400 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002400 CAT II
[35] Standards Mapping - Smart Contract Weakness Classification SWC-109
[36] Standards Mapping - Web Application Security Consortium Version 2.00 Denial of Service (WASC-10)
[37] Standards Mapping - Web Application Security Consortium 24 + 2 Denial of Service
desc.controlflow.cpp.uninitialized_variable