CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data

Learn about CWE-349 (Acceptance of Extraneous Untrusted Data With Trusted Data), its security impact, exploitation methods, and prevention guidelines.

What is Acceptance of Extraneous Untrusted Data With Trusted Data?

• Overview: Acceptance of Extraneous Untrusted Data With Trusted Data (CWE-349) occurs when a system processes trusted data but inadvertently includes and treats untrusted data as trusted, potentially allowing malicious input to be executed or used as if it were safe.

• Exploitation Methods:

  • Attackers can exploit this vulnerability by injecting malicious data alongside trusted data, which the system mistakenly processes without verification.
  • Common attack patterns include injecting scripts or commands into data fields that are assumed to be safe, leading to execution of malicious code or unauthorized actions.

• Security Impact:

  • Direct consequences of successful exploitation include unauthorized data access, data corruption, and execution of unauthorized code.
  • Potential cascading effects can lead to system compromise, data breaches, and further exploitation of connected systems.
  • Business impact includes loss of customer trust, legal liabilities, and financial losses due to data breaches or service disruptions.

• Prevention Guidelines:

  • Specific code-level fixes include validating and sanitizing all data inputs, segregating trusted and untrusted data processing paths, and using strict data parsing rules.
  • Security best practices involve implementing input validation, employing secure coding standards, and conducting regular code reviews and security audits.
  • Recommended tools and frameworks include static analysis tools for identifying data handling issues, input validation libraries, and security frameworks that enforce data integrity and separation.

Technical Details

Likelihood of Exploit: Not specified

Affected Languages: Not Language-Specific

Affected Technologies: Not specified

Vulnerable Code Example

Python Example

import json

def process_user_data(json_data):
    # Trusted data to be processed
    trusted_data = json_data.get('trusted', {})
    
    # Vulnerable: Directly merging trusted data with untrusted data
    # This assumes that 'json_data' only contains trusted keys and values, 
    # but it might contain untrusted data as well.
    combined_data = {**trusted_data, **json_data}  # Merges all data, including untrusted

    return combined_data

# Example usage
user_input = '{"trusted": {"name": "Alice"}, "untrusted": {"role": "admin"}}'
user_data = process_user_data(json.loads(user_input))
print(user_data)

Explanation:

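  • The process_user_data function is intended to handle only the contents of the trusted key, but it also merges every other top-level key of the input JSON into its result.
  • The vulnerability arises because the merge is indiscriminate: for the sample input, the result contains name from the trusted object together with the complete trusted and untrusted top-level entries, so the untrusted role value reaches the caller without any check. Because json_data is unpacked last, a top-level key with the same name as a trusted field would also overwrite the trusted value.
  • This could lead to security issues if the caller assumes everything in the returned dictionary is safe and uses it in a sensitive context.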

How to fix Acceptance of Extraneous Untrusted Data With Trusted Data?

To address this vulnerability, ensure that only explicitly trusted data is processed and merged. Avoid processing any additional data that is not specified or known to be trusted. You can achieve this by:

  1. Strictly defining which keys and values are trusted and should be processed.
  2. Filtering out any unexpected data that does not match the expected structure.
  3. Validating and sanitizing all incoming data before processing or merging.

Fixed Code Example

import json

def process_user_data(json_data):
    # Define expected trusted data keys
    expected_keys = {'trusted'}

    # Only extract and process known trusted data
    trusted_data = {key: json_data[key] for key in expected_keys if key in json_data}

    # Process only the trusted data
    return trusted_data

# Example usage
user_input = '{"trusted": {"name": "Alice"}, "untrusted": {"role": "admin"}}'
user_data = process_user_data(json.loads(user_input))
print(user_data)

Explanation:

  • The fixed code defines a set of expected keys (expected_keys) that are known to be trusted.
  • It constructs the trusted_data dictionary by explicitly extracting only those keys from json_data.
  • This approach ensures that top-level keys outside expected_keys are never processed or merged, which removes the extraneous untrusted data from the result.
  • The filter applies to key names only. The values stored under the expected keys are returned unchanged, so they still need the validation and sanitization from step 3 before they are used in a sensitive context.
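
The same weakness shows more clearly when a real trust decision is involved. The following added example is not from the original page and goes beyond its single-JSON case: an HMAC covers only the trusted field of an envelope, and one loader merges the unsigned sibling fields while the other rejects them. KEY, ALLOWED_FIELDS, the envelope layout and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"   # assumption: shared secret, demo value only
ALLOWED_FIELDS = {"name": str}  # assumption: schema of the signed payload


def mac(body: str) -> str:
    return hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()


def sign(payload: dict) -> dict:
    """Issuer side: MAC the canonical JSON bytes of the trusted payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return {"trusted": body, "sig": mac(body)}


def verified_payload(envelope: dict) -> dict:
    """Return the parsed payload only if the MAC over its exact bytes matches."""
    body, sig = envelope.get("trusted"), envelope.get("sig")
    if not isinstance(body, str) or not isinstance(sig, str):
        raise ValueError("malformed envelope")
    if not hmac.compare_digest(mac(body).encode(), sig.encode()):
        raise ValueError("bad signature")
    return json.loads(body)


def load_vulnerable(envelope: dict) -> dict:
    """CWE-349: the MAC checks out, then unsigned sibling fields are merged in."""
    extras = {k: v for k, v in envelope.items() if k not in ("trusted", "sig")}
    return {**verified_payload(envelope), **extras}


def load_strict(envelope: dict) -> dict:
    """Reject extraneous fields; return only MAC-covered, schema-checked data."""
    if set(envelope) != {"trusted", "sig"}:
        raise ValueError("unexpected envelope fields")
    payload = verified_payload(envelope)
    if not isinstance(payload, dict) or set(payload) != set(ALLOWED_FIELDS):
        raise ValueError("unexpected payload fields")
    if not all(isinstance(payload[f], t) for f, t in ALLOWED_FIELDS.items()):
        raise ValueError("invalid payload value")
    return payload


# Constructed sample: a genuine envelope, and a copy with an unsigned field added.
genuine = sign({"name": "Alice"})
tampered = {**genuine, "role": "admin"}
```

The signature on tampered is still valid, which is why checking the MAC alone is not enough: the loader must also refuse, or at least ignore, everything the MAC does not cover.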