CWE-155: Improper Neutralization of Wildcards or Matching Symbols
Learn about CWE-155 (Improper Neutralization of Wildcards or Matching Symbols), its security impact, exploitation methods, and prevention guidelines.
What is Improper Neutralization of Wildcards or Matching Symbols?
• Overview: This vulnerability occurs when a software application processes input data containing special symbols or wildcards without properly neutralizing them. These symbols can be misinterpreted by downstream components, leading to unintended actions such as unauthorized access or data manipulation.
• Exploitation Methods:
- Attackers can exploit this by crafting inputs with special symbols or wildcards that are not properly sanitized.
- Common attack patterns include leveraging regex or file path wildcards to manipulate application behavior or access restricted resources.
• Security Impact:
- Direct consequences of successful exploitation include unauthorized access to sensitive data or system resources.
- Potential cascading effects might involve privilege escalation or denial of service.
- Business impact could be significant, including data breaches, loss of customer trust, and legal repercussions.
• Prevention Guidelines:
- Specific code-level fixes include implementing strict input validation and sanitization to remove or escape special symbols.
- Security best practices involve using allow-lists for acceptable inputs and validating data as close to the source as possible.
- Recommended tools and frameworks include static analysis tools to identify improper neutralization and using libraries that provide safe input handling functions.
Technical Details
Likelihood of Exploit: Not specified
Affected Languages: Not Language-Specific
Affected Technologies: Not specified
Vulnerable Code Example
import os
import fnmatch
def search_files(directory, pattern):
matches = []
# Vulnerable code: fnmatch allows wildcards in the pattern, which can be abused
for root, dirnames, filenames in os.walk(directory):
for filename in fnmatch.filter(filenames, pattern): # Matches based on pattern
matches.append(os.path.join(root, filename))
return matches
# Example usage
# This could be dangerous if `pattern` is unsanitized user input
search_files('/var/log', '*.log')
In the above code, the pattern used in fnmatch.filter is directly derived from user input. This allows for wildcard characters like * and ? to be used, potentially leading to unintended file matches. If an attacker can control the pattern, they might access sensitive files or directories by crafting a malicious pattern.
How to fix Improper Neutralization of Wildcards or Matching Symbols?
Fixed Code Example
import os
import fnmatch
import re
def sanitize_pattern(pattern):
# Escape potential wildcard characters to treat them as literals
return re.escape(pattern)
def search_files(directory, pattern):
matches = []
sanitized_pattern = sanitize_pattern(pattern)
for root, dirnames, filenames in os.walk(directory):
for filename in filenames:
# Use fnmatch to match filenames against the sanitized pattern
if fnmatch.fnmatch(filename, sanitized_pattern):
matches.append(os.path.join(root, filename))
return matches
# Example usage
# The pattern is sanitized to prevent wildcard abuse
search_files('/var/log', '*.log')
In the fixed code, the sanitize_pattern function uses re.escape to neutralize wildcard characters by escaping them, ensuring they are treated as regular characters. This prevents the misuse of wildcards to access unintended files. By using fnmatch.fnmatch with a sanitized pattern, only literal matches are allowed, mitigating the wildcard abuse risk. Additionally, consider implementing directory access controls to further enhance security.