CWE-676: Use of Potentially Dangerous Function

Structure: Simple

Abstraction: Base

Status: Draft

Likelihood of Exploit: High

Description

The program invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.

Related Weaknesses

  • ChildOf CWE-1177 (Use of Prohibited Code), View 1000 (Research Concepts), Ordinal: Primary
  • ChildOf CWE-1177 (Use of Prohibited Code), View 699 (Software Development), Ordinal: Primary

Applicable Platforms

Languages: C (Prevalence: Undetermined), C++ (Prevalence: Undetermined)

Common Consequences

Scope: Other
Impact: Varies by Context; Quality Degradation; Unexpected State
Note: If the function is used incorrectly, it can result in security problems.

Detection Methods

Automated Static Analysis - Binary or Bytecode

According to SOAR, the following detection techniques may be useful:

Highly cost effective:
  • Bytecode Weakness Analysis - including disassembler + source code weakness analysis
  • Binary Weakness Analysis - including disassembler + source code weakness analysis
Cost effective for partial coverage:
  • Binary / Bytecode Quality Analysis
  • Binary / Bytecode simple extractor – strings, ELF readers, etc.

Manual Static Analysis - Binary or Bytecode

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:
  • Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies

Dynamic Analysis with Manual Results Interpretation

According to SOAR, the following detection techniques may be useful:

Highly cost effective:
  • Debugger
Cost effective for partial coverage:
  • Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious

Manual Static Analysis - Source Code

According to SOAR, the following detection techniques may be useful:

Highly cost effective:
  • Manual Source Code Review (not inspections)
Cost effective for partial coverage:
  • Focused Manual Spotcheck - Focused manual analysis of source

Automated Static Analysis - Source Code

According to SOAR, the following detection techniques may be useful:

Highly cost effective:
  • Source code Weakness Analyzer
  • Context-configured Source Code Weakness Analyzer
Cost effective for partial coverage:
  • Warning Flags
  • Source Code Quality Analyzer

Automated Static Analysis

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:
  • Origin Analysis

Architecture or Design Review

According to SOAR, the following detection techniques may be useful:

Highly cost effective:
  • Formal Methods / Correct-By-Construction
  • Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)

Potential Mitigations

Phases: Build and Compilation; Implementation

Identify a list of prohibited API functions and prohibit developers from using these functions, providing safer alternatives. In some cases, automatic code analysis tools or the compiler can be instructed to spot use of prohibited functions, such as the "banned.h" include file from Microsoft's SDL. [REF-554] [REF-7]
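One way to make the compiler itself enforce such a list, as an added example that is neither part of the CWE entry nor Microsoft's banned.h: GCC and Clang honour `#pragma GCC poison`, which turns any later use of the named identifiers into a hard compile error, so the ban cannot be skipped by a reviewer. The banned list below and the `format_bounded` replacement for sprintf() are illustrative assumptions, not an official list.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Project-local "banned functions" list (illustrative). The pragma must come
 * AFTER the system headers: a poisoned identifier is an error wherever it
 * appears next, including in a later declaration inside <string.h>. */
#pragma GCC poison strcpy strcat sprintf vsprintf gets

/* Replacement for the poisoned sprintf(): formats into a fixed-size buffer
 * and reports truncation instead of overflowing or silently cutting the
 * output short. Returns true only if the whole record fit in `out`. */
bool format_bounded(char *out, size_t out_size, const char *user, unsigned id)
{
    if (out == NULL || out_size == 0 || user == NULL)
        return false;

    /* snprintf returns the length the complete output would have had;
     * comparing it against out_size is the standard truncation check. */
    int needed = snprintf(out, out_size, "user=%s;id=%u", user, id);
    if (needed < 0 || (size_t)needed >= out_size) {
        out[0] = '\0';   /* do not leave a half-written record behind */
        return false;
    }
    return true;
}
```

With the pragma in place, a stray `strcpy(buf, s)` anywhere below it fails to compile; the bounded helper is what developers reach for instead, and its boolean result forces callers to decide what to do when input does not fit.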

Demonstrative Examples

The following code attempts to create a local copy of a buffer to perform some manipulations to the data.

(Bad code) C:

    #include <string.h>

    void manipulate_string(char *string)
    {
        char buf[24];
        strcpy(buf, string);   /* no check that string fits in 24 bytes */
        ...
    }

However, the programmer does not ensure that the data pointed to by string will fit in the local buffer and blindly copies it with the potentially dangerous strcpy() function, which copies until it reaches a terminating NUL and never consults the destination size. Any input of 24 or more bytes therefore writes past the end of buf, giving a buffer overflow if an attacker can influence the contents of the string parameter.
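The bounded replacement for the snippet above, as an added example that is not part of the CWE entry: the 24-byte local buffer is kept, but the copy is measured against sizeof buf and rejected when it would not fit, rather than truncated silently. The names `copy_bounded` and `manipulate_string_safe`, and the upper-casing used as the "manipulation", are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define BUF_SIZE 24   /* same local buffer size as the CWE snippet */

/* Bounded copy: refuses input that does not fit (including its NUL) rather
 * than truncating, because a silently shortened path, command or record is
 * its own source of logic bugs. On failure `out` is left untouched. */
bool copy_bounded(char *out, size_t out_size, const char *in)
{
    if (out == NULL || in == NULL || out_size == 0)
        return false;

    /* memchr stops at the first NUL and never scans past out_size bytes,
     * so an unterminated or oversized input cannot cause an out-of-bounds
     * read while we measure it (unlike strlen). */
    const char *nul = memchr(in, '\0', out_size);
    if (nul == NULL)              /* no terminator within out_size bytes */
        return false;

    size_t len = (size_t)(nul - in);
    memcpy(out, in, len + 1);     /* len + 1 <= out_size, includes the NUL */
    return true;
}

/* Hardened manipulate_string(): returns -1 if the input does not fit,
 * otherwise the length of the local copy after the illustrative
 * manipulation (upper-casing it in place). */
int manipulate_string_safe(const char *string)
{
    char buf[BUF_SIZE];

    if (!copy_bounded(buf, sizeof buf, string))
        return -1;

    for (char *p = buf; *p != '\0'; ++p)
        *p = (char)toupper((unsigned char)*p);

    return (int)strlen(buf);
}
```

The boundary worth checking is the one the original code gets wrong: a 23-character string plus its NUL exactly fills the buffer and is accepted, while a 24-character string is rejected instead of overflowing by one byte.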

Observed Examples

  • CVE-2007-1470: Library has multiple buffer overflows using sprintf() and strcpy(). https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1470
  • CVE-2009-3849: Buffer overflow using strcat(). https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3849
  • CVE-2006-2114: Buffer overflow using strcpy(). https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2114
  • CVE-2006-0963: Buffer overflow using strcpy(). https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0963
  • CVE-2011-0712: Vulnerable use of strcpy() changed to use safer strlcpy(). https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0712
  • CVE-2008-5005: Buffer overflow using strcpy(). https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5005


Taxonomy Mappings

(Mapped Taxonomy Name: Node ID (Fit) Mapped Node Name)

  • 7 Pernicious Kingdoms: Dangerous Functions
  • CERT C Secure Coding: CON33-C (CWE More Abstract) Avoid race conditions when using library functions
  • CERT C Secure Coding: ENV33-C (CWE More Abstract) Do not call system()
  • CERT C Secure Coding: ERR07-C Prefer functions that support error checking over equivalent functions that don't
  • CERT C Secure Coding: ERR34-C (CWE More Abstract) Detect errors when converting a string to a number
  • CERT C Secure Coding: FIO01-C Be careful using functions that use file names for identification
  • CERT C Secure Coding: MSC30-C (CWE More Abstract) Do not use the rand() function for generating pseudorandom numbers
  • CERT C Secure Coding: STR31-C (Imprecise) Guarantee that storage for strings has sufficient space for character data and the null terminator
  • Software Fault Patterns: SFP3 Use of an improper API

References