Containment Errors (Container Errors)| ID: 216 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: INCOMPLETE |
| Abstraction Type: Class |
Description
This tries to cover various problems in which improper data are
included within a "container."
Applicable PlatformsLanguage Class: All
Time Of Introduction
- Architecture and Design
- Implementation
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| Other | Other | |
Detection MethodsNone
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|
| Architecture and Design | Separation of Privilege | Compartmentalize the system to have "safe" areas where trust
boundaries can be unambiguously drawn. Do not allow sensitive data to go
outside of the trust boundary and always be careful when interfacing
with a compartment outside of the safe area.Ensure that appropriate compartmentalization is built into the system
design and that the compartmentalization serves to allow for and further
reinforce privilege separation functionality. Architects and designers
should rely on the principle of least privilege to decide when it is
appropriate to use and to drop system privileges. | | |
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-216 ChildOf CWE-907 | Category | CWE-888 | |
Demonstrative ExamplesNone
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| PLOVER | | Containment errors (container errors) | |
References:None
