CWE-360: Trust of System Event Data
Learn about CWE-360 (Trust of System Event Data), its security impact, exploitation methods, and prevention guidelines.
What is Trust of System Event Data?
• Overview: Trust of System Event Data (CWE-360) is a vulnerability where software improperly trusts events or messages from potentially untrusted sources, leading to security risks due to spoofing or unauthorized manipulation.
• Exploitation Methods:
- Attackers can inject or spoof event messages to manipulate application behavior.
- Common attack patterns include sending malicious events to applications that do not verify the source or integrity of these events.
• Security Impact:
- Direct consequences include unauthorized actions or commands being executed.
- Potential cascading effects can include privilege escalation, data corruption, or denial of service.
- Business impact may involve data breaches, loss of customer trust, or regulatory non-compliance.
• Prevention Guidelines:
- Implement proper validation and authentication for event messages.
- Use security best practices such as least privilege and input validation.
- Recommended tools and frameworks include secure messaging libraries and event logging mechanisms that include authentication and integrity checks.
Corgea can automatically detect and fix Trust of System Event Data in your codebase. Try Corgea free today.
Technical Details
Likelihood of Exploit:
Affected Languages: Not Language-Specific
Affected Technologies: Not specified
Vulnerable Code Example
import os

def handle_event(event):
    # This function trusts the event data for critical decisions:
    # 'location' is read straight from the incoming event, with no check
    # of who produced the event or whether it was altered in transit
    if event['location'] == 'trusted_location':
        # Perform critical operation based on event location
        os.system("echo 'Performing critical operation'")
    else:
        print("Ignoring event from untrusted location")
Explanation
In this vulnerable code, the system trusts event['location'] to decide whether to perform a critical operation. An attacker can spoof the event location as trusted_location and trigger unauthorized operations. This is a classic example of CWE-360, where trusting system event data can lead to security vulnerabilities.
How to fix Trust of System Event Data?
To fix the vulnerability, avoid relying solely on event data for critical operations. Implement additional checks or validation mechanisms, such as validating the event source through a secure channel or using cryptographic signatures to verify event authenticity. Additionally, avoid executing system commands directly with data from untrusted sources.
Fixed Code Example
import os
import hashlib
import hmac

# Placeholder key for illustration: in production, load the key from a
# secrets manager or environment variable, never from source control
SECRET_KEY = b'super_secret_key'

def handle_event(event):
    # Validate the authenticity of the event location using HMAC-SHA256
    # keyed with the shared secret; a missing field yields an empty string
    # rather than a KeyError, so malformed events are rejected, not crashed on
    provided_signature = event.get('signature', '')
    location = event.get('location', '')
    computed_signature = hmac.new(SECRET_KEY, location.encode(), hashlib.sha256).hexdigest()
    # compare_digest runs in constant time, so the comparison does not leak
    # how many leading characters of the signature matched
    if hmac.compare_digest(provided_signature, computed_signature):
        # Perform critical operation only if the signature is valid
        os.system("echo 'Performing critical operation'")
    else:
        print("Ignoring event from untrusted source")
Explanation
In the fixed code, we use HMAC to verify the integrity and authenticity of the event location. The SECRET_KEY is used to generate a keyed hash of the location, which is then compared against the signature provided in the event. This ensures that the location hasn't been tampered with and that it came from a source holding the shared key. The use of hmac.compare_digest helps prevent timing attacks by ensuring a constant-time comparison. Additionally, it's crucial to securely manage the SECRET_KEY to prevent exposure, and to ensure that the signature is always included in the event data.
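The following is an added example, not Corgea's code, that carries the fix described above one step further: the HMAC covers a canonical serialization of the whole event rather than the location field alone, so changing any field after signing invalidates the tag, and the consumer treats a missing or malformed signature as a rejection instead of an error. The environment variable name EVENT_SIGNING_KEY, the fallback key and the sample events are assumptions made for the example.

```python
import hashlib
import hmac
import json
import os

# Assumption: the shared key comes from the environment; the fallback is a
# constructed value so the example runs offline, not a real secret.
SECRET_KEY = os.environ.get("EVENT_SIGNING_KEY", "example-key-not-secret").encode()


def canonical_bytes(event: dict) -> bytes:
    """Serialize every field except the signature in a stable, key-sorted
    form, so the MAC covers the whole event rather than one field."""
    unsigned = {k: v for k, v in event.items() if k != "signature"}
    return json.dumps(unsigned, sort_keys=True, separators=(",", ":")).encode()


def sign_event(event: dict, key: bytes = SECRET_KEY) -> dict:
    """Producer side: attach an HMAC-SHA256 tag over the canonical event."""
    tag = hmac.new(key, canonical_bytes(event), hashlib.sha256).hexdigest()
    return dict(event, signature=tag)


def verify_event(event: dict, key: bytes = SECRET_KEY) -> bool:
    """Consumer side: constant-time check of the supplied tag. A missing or
    non-string signature is simply invalid, not an exception."""
    provided = event.get("signature")
    if not isinstance(provided, str):
        return False
    expected = hmac.new(key, canonical_bytes(event), hashlib.sha256).hexdigest()
    return hmac.compare_digest(provided, expected)


def handle_event(event: dict) -> str:
    """Act on the event only after its authenticity has been established."""
    if not verify_event(event):
        return "rejected: bad or missing signature"
    if event.get("location") != "trusted_location":
        return "ignored: untrusted location"
    return "performed critical operation"


if __name__ == "__main__":
    # Constructed sample events for demonstration.
    genuine = sign_event({"location": "trusted_location", "action": "rotate"})
    spoofed = {"location": "trusted_location", "action": "rotate"}  # no signature at all
    tampered = dict(genuine, action="shutdown")  # field changed after signing
    for name, ev in [("genuine", genuine), ("spoofed", spoofed), ("tampered", tampered)]:
        print(f"{name}: {handle_event(ev)}")
```

Rejected events are worth logging with their source and the reason, since a stream of signature failures is the detection signal for someone injecting spoofed events.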