CWE-99: Improper Control of Resource Identifiers ('Resource Injection')

Learn about CWE-99 (Improper Control of Resource Identifiers ('Resource Injection')), its security impact, exploitation methods, and prevention guidelines.

What is Improper Control of Resource Identifiers ('Resource Injection')?

• Overview: Improper Control of Resource Identifiers, or Resource Injection, happens when an application lets users control identifiers for system resources without adequate restrictions, potentially allowing unauthorized access or changes to those resources.

• Exploitation Methods:

  • Attackers can manipulate input to determine resource identifiers like filenames or network ports.
  • Common techniques include altering file paths to access restricted files or changing configuration settings to redirect network traffic.

• Security Impact:

  • Direct consequences include unauthorized access or alteration of files, data leakage, or service misconfiguration.
  • Potential cascading effects involve system compromise, data corruption, or denial of service.
  • Business impact can include data breaches, loss of customer trust, and regulatory penalties.

• Prevention Guidelines:

  • Validate and sanitize all inputs that are used as resource identifiers.
  • Implement least privilege principles, ensuring users have only necessary access.
  • Use secure APIs and libraries that provide automatic resource validation.
  • Regularly audit code and conduct security testing to identify potential injection points.

Technical Details

Likelihood of Exploit: High

Affected Languages: Not Language-Specific

Affected Technologies: Not specified

Vulnerable Code Example

Python Example

import os

def read_file(filename):
    # Vulnerable to Resource Injection
    # The filename input is not validated or sanitized, allowing potential injection
    with open(filename, 'r') as file:
        return file.read()

# Example of improper input that could exploit this vulnerability
# User input: "../../../../etc/passwd"
user_input = "../../../../etc/passwd"
print(read_file(user_input))

Explanation:

  • In this code, the read_file function directly uses the filename input to open a file without any validation or sanitization.
  • An attacker could supply input like "../../../../etc/passwd" to access sensitive files outside the intended directory, exploiting the Resource Injection vulnerability.

How to fix Improper Control of Resource Identifiers ('Resource Injection')?

To fix this vulnerability, it's crucial to validate and sanitize user inputs. Ensure inputs adhere to expected patterns and restrict file operations to specific directories. Here are some best practices:

  • Input Validation: Permit only filenames that match a predefined pattern.
  • Path Normalization: Use functions to resolve paths and ensure they reside within intended directories.
  • Whitelisting: Maintain a list of allowed filenames and validate against it.

Fixed Code Example

Python Example

import os

# Define a safe base directory and resolve it once, so both sides of the
# containment check below are compared in resolved form
BASE_DIR = os.path.realpath('/safe_directory/')

def read_file(filename):
    # FIX: Reduce the input to a bare filename and confine it to BASE_DIR
    safe_filename = os.path.basename(filename)  # Extract only the filename
    if not safe_filename:
        # Input such as "dir/" leaves an empty name, which would point at the directory itself
        raise ValueError("Invalid file path")
    # Construct the full path and resolve symlinks and ".." before checking it
    full_path = os.path.realpath(os.path.join(BASE_DIR, safe_filename))

    # Ensure the resolved path is within the allowed directory
    if os.path.commonpath([full_path, BASE_DIR]) != BASE_DIR:
        raise ValueError("Invalid file path")

    with open(full_path, 'r') as file:
        return file.read()

# Example of safe input
user_input = "example.txt"
print(read_file(user_input))

Explanation:

  • Path Normalization and Safety Check: The code uses os.path.basename to ensure only the filename is used, preventing directory traversal. The full path is constructed using os.path.join with a predefined base directory.
  • Directory Restriction: The os.path.commonpath function, combined with os.path.realpath, checks that the resulting path starts within the intended directory, ensuring no path traversal outside allowed bounds.
  • Error Handling: The code raises a ValueError if an invalid path is detected, preventing unauthorized access to files.
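
The three practices listed earlier (pattern validation, path normalization, allowlisting) combined in one resolver, as an added example that is not code from the original page; `NAME_PATTERN`, `resolve_resource`, `demo` and the sample file names are assumptions made for the illustration. It also exercises a case that `os.path.basename` alone does not stop: a validly named symlink inside the base directory whose target lies outside it.

```python
import os
import re
import tempfile

# Assumed naming policy for this example: short lowercase names ending in .txt or .log
NAME_PATTERN = re.compile(r"[a-z0-9_-]{1,64}\.(?:txt|log)")

def resolve_resource(base_dir, name, allowlist=None):
    """Return the real path of `name` inside `base_dir`, or raise ValueError."""
    # Input validation: fullmatch rejects separators, "..", NUL bytes and empty names
    if not isinstance(name, str) or not NAME_PATTERN.fullmatch(name):
        raise ValueError("name does not match the allowed pattern")
    # Allowlisting: when a list is supplied, the name must be on it
    if allowlist is not None and name not in allowlist:
        raise ValueError("name is not on the allowlist")
    # Path normalization: resolve symlinks on both sides, then check containment
    base = os.path.realpath(base_dir)
    full = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([full, base]) != base:
        raise ValueError("resolved path escapes the base directory")
    return full

def demo():
    """Run constructed inputs against a temporary directory; return name -> outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "safe")
        os.mkdir(base)
        secret = os.path.join(tmp, "secret.txt")  # sits outside the base directory
        for path in (os.path.join(base, "report.txt"), secret):
            with open(path, "w") as fh:
                fh.write("data")
        # Constructed case: the name passes the pattern but the target escapes
        os.symlink(secret, os.path.join(base, "link.txt"))
        for name in ("report.txt", "../secret.txt", "/etc/passwd", "link.txt", "notes.log"):
            try:
                resolve_resource(base, name, allowlist={"report.txt", "link.txt"})
                results[name] = "ok"
            except ValueError as exc:
                results[name] = str(exc)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r}: {outcome}")
```

The caller should open the returned path, not the original input, so that the file read is the one that was checked.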
