Corgea LogoCorgea Security Hub

CWE-749: Exposed Dangerous Method or Function

Learn about CWE-749 (Exposed Dangerous Method or Function), its security impact, exploitation methods, and prevention guidelines.

What is Exposed Dangerous Method or Function?

• Overview: Exposed Dangerous Method or Function (CWE-749) is a vulnerability where an API or interface exposes a method or function that can be misused by external actors because it lacks proper access restrictions.

• Exploitation Methods:

  • Attackers exploit this vulnerability by invoking the dangerous method or function, often over a network.
  • Common attack patterns include unauthorized access or manipulation of system resources and data through exposed methods.

• Security Impact:

  • Direct consequences include unauthorized actions such as data leakage, corruption, or execution of unintended operations.
  • Potential cascading effects involve further security breaches, such as privilege escalation or denial of service.
  • Business impact could be significant, including financial loss, reputational damage, and legal liabilities.

• Prevention Guidelines:

  • Specific code-level fixes include implementing strict access controls and authentication checks on the exposed methods.
  • Security best practices involve conducting thorough security reviews and audits of the APIs and interfaces.
  • Recommended tools and frameworks include static analysis tools to detect exposed functions and using secure API gateways or frameworks that enforce access policies.

Corgea can automatically detect and fix Exposed Dangerous Method or Function in your codebase. Try Corgea free today.

Technical Details

Likelihood of Exploit: Low

Affected Languages: Not Language-Specific

Affected Technologies: Not specified

Vulnerable Code Example

from flask import Flask, request
import os

app = Flask(__name__)

@app.route('/execute', methods=['POST'])
def execute_command():
    # Vulnerable code: Directly executes system commands based on user input
    command = request.form['command']
    os.system(command)  # This line executes commands without validation, leading to command injection vulnerability

if __name__ == '__main__':
    app.run()

How to fix Exposed Dangerous Method or Function?

The vulnerability in the code above arises from allowing untrusted input to directly execute system commands, which can lead to command injection attacks. This is a classic example of CWE-749 (Exposed Dangerous Method or Function), where the os.system() function is used inappropriately with external input.

Fix Approach:

  1. Input Validation and Sanitization: Validate and sanitize user inputs to ensure that only safe and intended commands are executed.
  2. Use of Safer Alternatives: Instead of os.system(), consider using higher-level APIs or libraries that are designed to safely handle the intended operations.
  3. Restrict Functionality: Limit the functionality exposed by the API to only the necessary operations. Implement strict access controls and authentication mechanisms to prevent unauthorized use.

Fixed Code Example

from flask import Flask, request, jsonify
import subprocess

app = Flask(__name__)

@app.route('/execute', methods=['POST'])
def execute_command():
    # Fixed code: Only allows predefined safe commands to be executed
    safe_commands = {
        'list_files': 'ls',
        'current_directory': 'pwd'
    }
    user_command = request.form.get('command')
    
    # Validate the command against a whitelist
    if user_command in safe_commands:
        # Use subprocess for safer command execution
        result = subprocess.run(safe_commands[user_command], shell=True, capture_output=True, text=True)
        return jsonify({'result': result.stdout})
    else:
        return jsonify({'error': 'Invalid command'}), 400

if __name__ == '__main__':
    app.run()

Explanation:

  • Command Whitelisting: The fixed code uses a dictionary to map user-friendly command names to actual shell commands. Only commands explicitly defined in safe_commands are allowed to be executed, effectively preventing arbitrary command execution.
  • Controlled Execution: The subprocess.run() function is used instead of os.system(), which provides more control over command execution and allows capturing the command output securely.
  • Error Handling: If a command is not in the whitelist, the application returns an error message, preventing the execution of unauthorized commands.
  • Security Principles: By controlling which commands can be executed and validating input against a predefined set of safe commands, the application mitigates the risk of command injection and limits exposure to potentially dangerous functions.
Corgea Logo

Find this vulnerability and fix it with Corgea

Scan your codebase for CWE-749: Exposed Dangerous Method or Function and get remediation guidance

Start for free and no credit card needed.