CWE

Incomplete Filtering of Multiple Instances of Special Elements

ID: 794		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: INCOMPLETE
Abstraction Type: Variant

Description

The software receives data from an upstream component, but does not filter all instances of a special element before sending it to a downstream component.

Extended Description

Incomplete filtering of this nature may be applied to

sequential elements (special elements that appear next to each other) or

non-sequential elements (special elements that appear multiple times in different locations).

Applicable Platforms
None

Common Consequences

Scope	Technical Impact	Notes
Integrity	Unexpected state

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWE	Type	View	Chain
CWE-794 ChildOf CWE-792	Weakness	CWE-1000

Demonstrative Examples   (Details)

1. The following code takes untrusted input and uses a regular expression to filter "../" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path. (Demonstrative Example Id DX-2)

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings
None

References:
None