CWE-1108: Excessive Reliance on Global Variables

Learn about CWE-1108 (Excessive Reliance on Global Variables), its security impact, exploitation methods, and prevention guidelines.

What is Excessive Reliance on Global Variables?

• Overview: Excessive reliance on global variables occurs when code frequently uses or modifies global variables instead of managing information within localized contexts. This practice complicates maintenance and can unintentionally introduce or obscure vulnerabilities.

• Exploitation Methods:

  • Attackers can exploit the unpredictability and lack of control over global variables, potentially leading to unauthorized data manipulation.
  • Common attack patterns include altering global state to affect the program's logic or using global variables to inject malicious values.

• Security Impact:

  • Direct consequences include unexpected program behavior and data corruption.
  • Potential cascading effects involve increased difficulty in debugging and patching security issues, leading to a higher likelihood of vulnerabilities.
  • Business impact includes increased maintenance costs and potential data breaches, damaging reputation and financial standing.

• Prevention Guidelines:

  • Specific code-level fixes involve refactoring code to minimize global variable usage, encapsulating data within functions or classes.
  • Security best practices include using local variables where possible, employing design patterns that promote data encapsulation, and ensuring thorough testing of global state changes.
  • Recommended tools and frameworks include static analysis tools to detect global variable usage and frameworks that support modular programming, such as dependency injection frameworks.
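
The refactoring described above, as an added example that is not from the original page: an authorization flag kept in module-level globals leaks from one login to the next, while the encapsulated version builds an immutable per-request context and passes it explicitly. Python is an assumption (the page names no language), and all function names, user names and data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# --- Before: the authorization decision lives in module-level globals ---
current_user = None
is_admin = False

def login_global(user, admins):
    """Sets global state; raises the flag but never resets it (the defect)."""
    global current_user, is_admin
    current_user = user
    if user in admins:
        is_admin = True

def delete_account_global(target):
    # Any code path that ran earlier may have left is_admin set.
    return f"{current_user} deleted {target}" if is_admin else "denied"

# --- After: state is scoped to one request and passed in explicitly ---
@dataclass(frozen=True)
class RequestContext:
    user: str
    is_admin: bool

def login_scoped(user, admins):
    """Builds a fresh, immutable context for each request."""
    return RequestContext(user=user, is_admin=user in admins)

def delete_account_scoped(ctx, target):
    # The decision depends only on the context the caller supplies.
    return f"{ctx.user} deleted {target}" if ctx.is_admin else "denied"

def demo():
    admins = frozenset({"alice"})        # constructed sample data
    login_global("alice", admins)
    login_global("mallory", admins)      # flag from alice's login persists
    leaked = delete_account_global("bob")
    ctx_a = login_scoped("alice", admins)
    ctx_m = login_scoped("mallory", admins)
    return (leaked,
            delete_account_scoped(ctx_a, "bob"),
            delete_account_scoped(ctx_m, "bob"))

if __name__ == "__main__":
    print(demo())
```

A unit test that logs in two different users in sequence, as `demo()` does, is the kind of global-state test the guidelines call for: it fails on the first version and passes on the second.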

Technical Details

Likelihood of Exploit: Not specified

Affected Languages: Not specified

Affected Technologies: Not specified
