CWE

Incomplete Filtering of One or More Instances of Special Elements

ID: 792		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: INCOMPLETE
Abstraction Type: Variant

Description

The software receives data from an upstream component, but does not completely filter one or more instances of special elements before sending it to a downstream component.

Extended Description

Incomplete filtering of this nature involves either

only filtering a single instance of a special element when more exist, or

not filtering all instances or all elements where multiple special elements exist.

Applicable Platforms
None

Common Consequences

Scope	Technical Impact	Notes
Integrity	Unexpected state

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWE	Type	View	Chain
CWE-792 ChildOf CWE-791	Weakness	CWE-1000

Demonstrative Examples   (Details)

1. The following code takes untrusted input and uses a regular expression to filter "../" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path. (Demonstrative Example Id DX-2)

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings
None

References:
None