Corgea LogoCorgea Security Hub

CWE-471: Modification of Assumed-Immutable Data (MAID)

Learn about CWE-471 (Modification of Assumed-Immutable Data (MAID)), its security impact, exploitation methods, and prevention guidelines.

What is Modification of Assumed-Immutable Data (MAID)?

• Overview: Modification of Assumed-Immutable Data (MAID) occurs when certain data elements in an application, expected to remain unchanged, can be altered by attackers. This vulnerability arises when developers assume some data is immutable, such as hidden form fields or cookies, but fail to implement mechanisms to enforce this immutability.

• Exploitation Methods:

  • Attackers can modify data assumed to be immutable through direct tampering, such as editing hidden form fields, altering cookies, or manipulating data sent between client and server.
  • Common attack patterns include parameter tampering, cookie poisoning, and DNS spoofing.

• Security Impact:

  • Direct consequences of successful exploitation include unauthorized actions within the application, data corruption, or privilege escalation.
  • Potential cascading effects might involve broader security breaches, including data leakage or further compromise of application integrity.
  • Business impact can be severe, ranging from loss of customer trust to financial losses due to fraud or data breaches.

• Prevention Guidelines:

  • Specific code-level fixes include validating all inputs and outputs, using server-side checks, and avoiding reliance on client-side data for critical decisions.
  • Security best practices involve using secure communication protocols, employing data integrity checks, and regularly auditing code for assumptions about data immutability.
  • Recommended tools and frameworks include libraries for data validation and integrity checks, security-focused web application frameworks, and intrusion detection systems.
Corgea can automatically detect and fix Modification of Assumed-Immutable Data (MAID) in your codebase. [Try Corgea free today](https://corgea.app).

Technical Details

Likelihood of Exploit: Not specified

Affected Languages: Not Language-Specific

Affected Technologies: Not specified

Vulnerable Code Example

class ConfigManager:
    def __init__(self, config):
        # The configuration is assumed to be immutable, but it is passed as a mutable dictionary
        self.config = config  # The internal state is directly referencing the mutable input

    def get_config_value(self, key):
        return self.config.get(key)

# Example usage
original_config = {"debug": False, "max_connections": 100}
manager = ConfigManager(original_config)
# An attacker or a bug can change the config after initialization
original_config["debug"] = True  # This change affects the ConfigManager's internal state

In this vulnerable code, the ConfigManager class accepts a mutable dictionary as its configuration. Because the dictionary is mutable, any external modifications to it after it has been passed to the ConfigManager will directly affect the internal state of the ConfigManager. This can lead to unintended behavior or security issues, as the configuration is assumed to be immutable once set.

How to fix Modification of Assumed-Immutable Data (MAID)?

To fix this vulnerability, ensure that the configuration data is immutable. In Python, one effective approach is to use a data structure that enforces immutability, such as collections.namedtuple or a custom immutable class. The configuration should be copied or transformed into an immutable structure upon being passed to the ConfigManager, thus preventing external modifications.

Fixed Code Example

from collections import namedtuple

# Define an immutable configuration using namedtuple
Config = namedtuple('Config', ['debug', 'max_connections'])

class ConfigManager:
    def __init__(self, config):
        # Convert the mutable dictionary to an immutable namedtuple
        self.config = Config(**config)  # This ensures immutability by copying into a namedtuple

    def get_config_value(self, key):
        # Use getattr to safely access attributes of the namedtuple
        return getattr(self.config, key, None)

# Example usage
original_config = {"debug": False, "max_connections": 100}
manager = ConfigManager(original_config)
# Attempting to change the original configuration now has no effect on the ConfigManager
original_config["debug"] = True

In the fixed code, the configuration dictionary is converted into a namedtuple, which is immutable. This ensures that any changes made to the original_config dictionary after it has been passed to the ConfigManager do not affect the internal state of the ConfigManager. This approach effectively prevents the Modification of Assumed-Immutable Data (MAID) vulnerability by ensuring that the configuration cannot be altered unexpectedly after being set.

Corgea Logo

Find this vulnerability and fix it with Corgea

Scan your codebase for CWE-471: Modification of Assumed-Immutable Data (MAID) and get remediation guidance

Start for free and no credit card needed.