Corgea LogoCorgea Security Hub

CWE-494: Download of Code Without Integrity Check

Learn about CWE-494 (Download of Code Without Integrity Check), its security impact, exploitation methods, and prevention guidelines.

What is Download of Code Without Integrity Check?

• Overview: This vulnerability occurs when a software product downloads code from a remote location and executes it without verifying the source or ensuring the code's integrity, leaving it open to potential attacks.

• Exploitation Methods:

  • Attackers can exploit this vulnerability by compromising the server hosting the code, intercepting the code during transit, or using DNS spoofing to redirect the download to malicious code.
  • Common attack patterns include man-in-the-middle attacks, where attackers intercept and alter the code, and server-side code tampering, where attackers modify the code at its source.

• Security Impact:

  • Direct consequences include execution of malicious code, which can lead to unauthorized access, data theft, or full system compromise.
  • Potential cascading effects include spreading malware to connected systems, data corruption, and unauthorized data exfiltration.
  • Business impact could encompass financial losses, damage to reputation, and legal liabilities due to data breaches or service disruptions.

• Prevention Guidelines:

  • Specific code-level fixes include implementing checksums or digital signatures to verify the integrity and authenticity of downloaded code before execution.
  • Security best practices involve using secure connections (e.g., HTTPS) for downloads, validating the source of the code, and employing code whitelisting.
  • Recommended tools and frameworks include using libraries and tools that automatically handle integrity checks, such as those providing Secure Software Development Lifecycle (SSDLC) support, or leveraging containerization technologies to isolate execution environments.
Corgea can automatically detect and fix Download of Code Without Integrity Check in your codebase. [Try Corgea free today](https://corgea.app).

Technical Details

Likelihood of Exploit: Medium

Affected Languages: Not Language-Specific

Affected Technologies: Not specified

Vulnerable Code Example

JavaScript Example

// This code downloads a script from a remote server and executes it without verifying its integrity.
// This poses a security risk as the downloaded script could be tampered with.

const https = require('https');
const vm = require('vm');

function downloadAndExecuteScript(url) {
    https.get(url, (response) => {
        let data = '';

        // Accumulate the data chunks
        response.on('data', (chunk) => {
            data += chunk;
        });

        response.on('end', () => {
            // Execute the downloaded script without integrity check
            vm.runInThisContext(data); // Vulnerable line
        });
    }).on('error', (err) => {
        console.error("Error downloading script:", err);
    });
}

// Example usage
downloadAndExecuteScript('https://example.com/remoteScript.js');

How to fix Download of Code Without Integrity Check?

To fix this vulnerability, you should implement integrity checks for any code or executable downloaded from a remote source. A common approach is to use cryptographic hash functions like SHA-256 to verify the integrity of the downloaded content. You should pre-compute the expected hash of the script and compare it with the hash of the downloaded content before execution. In addition, using secure channels like HTTPS and verifying certificates can help ensure that the code has not been tampered with in transit.

Fixed Code Example

const https = require('https');
const vm = require('vm');
const crypto = require('crypto');

function downloadAndExecuteScript(url, expectedHash) {
    https.get(url, (response) => {
        let data = '';
        const hash = crypto.createHash('sha256'); // Create a SHA-256 hash object

        response.on('data', (chunk) => {
            data += chunk;
            hash.update(chunk); // Update the hash with each data chunk
        });

        response.on('end', () => {
            const calculatedHash = hash.digest('hex'); // Calculate the final hash
            if (calculatedHash === expectedHash) { // Check if the calculated hash matches the expected hash
                vm.runInThisContext(data); // Secure line as integrity is verified
            } else {
                console.error("Hash mismatch! The script may have been tampered with.");
            }
        });
    }).on('error', (err) => {
        console.error("Error downloading script:", err);
    });
}

// Example usage with expected hash
const scriptUrl = 'https://example.com/remoteScript.js';
const expectedHash = 'expected_precomputed_sha256_hash';
downloadAndExecuteScript(scriptUrl, expectedHash);

Key Changes:

  • Introduced crypto module to generate and compare SHA-256 hashes.
  • Calculated the hash of the downloaded content and compared it with the expected hash before execution.
  • Added error handling for hash mismatches to prevent execution of potentially tampered scripts.
  • Ensured proper syntax highlighting and formatting for code blocks.
  • Provided comprehensive comments explaining the vulnerability and the fix.
Corgea Logo

Find this vulnerability and fix it with Corgea

Scan your codebase for CWE-494: Download of Code Without Integrity Check and get remediation guidance

Start for free and no credit card needed.